Firewalla is an inline firewall with IDS/IPS functions and a bunch of cool features for homes and offices. In case you want to know where Firewalla blocks and what it is doing, here you go. You can usually get a global view of all the blocks via the Rules button.
1. Family Mode
Family mode relies on OpenDNS to filter out bad and adult content. This is done by forwarding your normal DNS queries to OpenDNS servers. Porn / malicious sites are blocked here at the DNS query.
2. Ad Block
Ad-block mode is also done via DNS. The difference from (1) is that the query is local; no third party is involved. Since the query goes through a DNS cache inside Firewalla, your DNS lookups will be faster than normal.
3. Active Protect
Active Protect provides a pre-loaded list of bad sites plus a dynamic list populated by learning your network. We compute the lists in the cloud. Firewalla autoblocks sites for you via Active Protect only if it is very sure that the site you are accessing, or the site that is accessing your device, is 'bad'. Most blocking here is done by IP address, and the block is in the switching path (iptables, if you know what that is).
To turn off Active Protect or stop autoblocking, tap "+" / Features -> Active Protect -> Turn Off to turn the whole list off, or go to Rules -> Active Protect Rules and tap each entry to unblock.
4. Port Block
Port block can be done by tapping on the open port in the "open port" button.
5. Category Block
These blocks are more sophisticated. You specify a category to block, and Firewalla computes which sites to block. The categories include:
All blocking lists are IP-based, and they are dynamic. You can always delete the related blocking rules to unblock.
6. IP/Domain Block
Blocking rules can also be created by manually setting a target (type in a domain/IP address) or by blocking from Alarms. You can remove those by going to Rules and tapping on the entry that you want to remove.
For the strongest protection, we do recommend the following:
1. Turn on family mode. This will block malicious sites at DNS lookup.
2. Turn on Active Protect (this feature should be automatically on in the future). Tap on +, or "Features" in settings, tap on "Active Protect" and turn it on.
3. There will still be some alerts that are default blocks; these are usually behavioral or something related to 'we are not sure'.
7. Malware Blocks
How the block is done depends on the reputation score of the site. The reputation score of sites does change very often.
- For sites with a low reputation score, the block will be automatic, with a warning alarm. In case we are wrong, you can still easily undo the block.
- For sites with a higher reputation score (content still questionable), we will send an alarm and you can take action as needed. For example, things related to cryptocurrency may be legit to some and not to others.
- For sites with a really low reputation score, the block is automatic, there is no alarm.
When a flow is blocked you will see it on the Flows list for the device, the Group (if the device belongs to a Group), and the network. For more details on blocked flows, see Firewalla Blocked Flows.