to block ALL network activity, except several IP addresses

Hello, how is it possible with CIS to block ALL network activity, except several IP addresses?

To do this, you first need to do two separate steps.

  1. Make a ZONE that includes the IP addresses that you want to allow (Don’t forget to include your DNS servers, your local LAN IPs etc.).

  2. You then need to make a global rule with the following parameters:

Action : BLOCK
Protocol : TCP or UDP
Direction : IN/OUT
Description : Whatever you want to call this rule
Source Address : ZONE - select the zone created in step 1.
SELECT THE EXCLUDE BUTTON
Destination Address : ZONE - select the zone created in step 1.
SELECT THE EXCLUDE BUTTON
Source Port : ANY
Destination Port : ANY

The logic behind this approach is that we are defining a zone of allowed IPs and then the global rule blocks all addresses except those in the nominated zone. It is critical that you include all required IPs in the zone. It can take a bit of trial and error to get them all. When something fails, check the firewall logs to see what failed.

Hope this helps,
Ewen :slight_smile:
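Added illustration, not code from the original post or from Comodo: a small Python model of the allow-list policy described above, built as a zone plus one global BLOCK rule whose source and destination are both the zone with the exclude box ticked. The matching semantics are an assumption (every criterion must match, exclude inverts the zone membership test, and no other rule exists so unmatched traffic passes). The zone entries and the flow records are constructed; the host's own address (192.168.1.20) is deliberately left out of the zone so the pair of exclusions behaves as an allow-list of remote hosts. `blocked_remote_addresses` stands in for the log check the post recommends after something fails, and `zone_gaps` is the pre-flight check for the DNS and gateway entries the post says not to forget.

```python
import ipaddress
from dataclasses import dataclass
from typing import Tuple


def build_zone(entries):
    """Turn single IPs and CIDR ranges into a zone (a list of ip_network objects)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def in_zone(zone, ip):
    """True if the address falls inside any network of the zone."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in zone)


@dataclass(frozen=True)
class Flow:
    direction: str  # "IN" or "OUT"
    protocol: str   # "TCP", "UDP", "ICMP", ...
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class BlockRule:
    """One global BLOCK rule: TCP or UDP, direction IN/OUT, any port, with
    source and destination both set to ZONE and the exclude box ticked."""
    zone: list
    protocols: Tuple[str, ...] = ("TCP", "UDP")
    exclude_src: bool = True
    exclude_dst: bool = True

    def matches(self, flow):
        if flow.protocol not in self.protocols:
            return False
        # Assumed semantics: a zone criterion matches when the address is in
        # the zone; ticking "exclude" inverts that test (XOR with the flag).
        src_match = in_zone(self.zone, flow.src) != self.exclude_src
        dst_match = in_zone(self.zone, flow.dst) != self.exclude_dst
        return src_match and dst_match


def decide(rule, flow):
    """Assumption: no other rule exists, so unmatched traffic passes."""
    return "BLOCK" if rule.matches(flow) else "ALLOW"


def blocked_remote_addresses(rule, flows):
    """Mimic reading the firewall log after something fails: collect the
    remote-side address of every blocked flow, the candidates to review
    before adding anything to the zone."""
    remotes = set()
    for f in flows:
        if rule.matches(f):
            remotes.add(f.dst if f.direction == "OUT" else f.src)
    return sorted(remotes)


def zone_gaps(zone, required):
    """Return required addresses (DNS servers, gateway, ...) the zone misses."""
    return [ip for ip in required if not in_zone(zone, ip)]


# Constructed zone: local DNS server, gateway and one permitted remote host.
ALLOWED_ZONE = build_zone([
    "192.168.1.53",    # local DNS server (constructed)
    "192.168.1.1",     # gateway (constructed)
    "203.0.113.10",    # permitted remote host (constructed, TEST-NET-3)
])
RULE = BlockRule(zone=ALLOWED_ZONE)

# Constructed flows in the shape a firewall log would record them.
SAMPLE_FLOWS = [
    Flow("OUT", "UDP", "192.168.1.20", "192.168.1.53", 53),    # DNS, in zone
    Flow("OUT", "TCP", "192.168.1.20", "203.0.113.10", 443),   # permitted host
    Flow("OUT", "TCP", "192.168.1.20", "198.51.100.7", 443),   # not in zone
    Flow("IN",  "TCP", "198.51.100.9", "192.168.1.20", 3389),  # inbound, not in zone
    Flow("OUT", "ICMP", "192.168.1.20", "198.51.100.7", 0),    # protocol the rule ignores
]


def run_demo():
    """Show the verdict for each sample flow plus the two review helpers."""
    for f in SAMPLE_FLOWS:
        print(f"{f.direction:3} {f.protocol:4} {f.src:>14} -> {f.dst:<14} "
              f"dport={f.dport:<5} {decide(RULE, f)}")
    print("blocked remote addresses:", blocked_remote_addresses(RULE, SAMPLE_FLOWS))
    print("zone gaps:", zone_gaps(ALLOWED_ZONE, ["192.168.1.53", "192.168.1.1", "203.0.113.53"]))


if __name__ == "__main__":
    run_demo()
```

Because both criteria are exclusions, the rule fires only when neither end of a flow is in the zone, and it says nothing about protocols other than TCP and UDP (the ICMP flow in the sample passes untouched), which is worth keeping in mind when reading the logs.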