On 6/30/07, Henning Andreseck <AndreseckH at gymszbad dot de> wrote:
> Hi there,
> I want to block port 80 (http) for everybody except the proxy-server.
> The first rule in the "Rules -> LAN" is "allow-everything from lan to **".
> Afterwards I created a rule "deny port 80 from lan to **".
> When I try to connect directly to the WAN without the proxy, it works. Where
> is my problem/mistake??
You need the block rule to come before the allow rule. Rules are
processed in order; by putting the allow all rule at the top, you're
allowing everything and your block rule will never be hit. Ideally,
put in just specific allow rules and delete the default allow rule.
-Chris
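
The ordering problem discussed in this thread, as an added example that is not part of the original messages and is not the firewall's own code: a small first-match evaluator that shows which rule decides a packet and which rules can never be hit. The LAN subnet, the proxy address, the explicit proxy pass rule and the default block when no rule matches are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    src: str               # source network in CIDR form
    dport: Optional[int]   # destination port, None means any port
    label: str

def evaluate(rules, src_ip, dport, default="block"):
    """Return (action, label) of the first matching rule, top to bottom."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.src) and rule.dport in (None, dport):
            return rule.action, rule.label
    return default, "no rule matched"  # assumption: implicit default block

def shadowed(rules):
    """Labels of rules that can never be hit because an earlier rule covers them."""
    dead = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.src)
        for earlier in rules[:i]:
            covers_src = net.subnet_of(ipaddress.ip_network(earlier.src))
            covers_port = earlier.dport is None or earlier.dport == rule.dport
            if covers_src and covers_port:
                dead.append(rule.label)
                break
    return dead

# Constructed addresses: LAN 192.168.1.0/24, proxy at 192.168.1.10
LAN, PROXY = "192.168.1.0/24", "192.168.1.10/32"
allow_all = Rule("pass", LAN, None, "allow everything from LAN")
block_80 = Rule("block", LAN, 80, "deny port 80 from LAN")
proxy_80 = Rule("pass", PROXY, 80, "allow proxy to port 80")

as_posted = [allow_all, block_80]              # allow-all first: block never hit
reordered = [proxy_80, block_80, allow_all]    # specific rules before allow-all
specific_only = [proxy_80]                     # relies on the assumed default block

if __name__ == "__main__":
    for name, rules in (("as posted", as_posted), ("reordered", reordered),
                        ("specific only", specific_only)):
        print(name, "| shadowed:", shadowed(rules))
        for host in ("192.168.1.50", "192.168.1.10"):
            print(f"  {host} -> port 80:", evaluate(rules, host, 80))
```
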