Block rule being ignored
I posted this disconcerting issue a few weeks ago but had no responses. It's pretty troubling TBH and I currently have little confidence in my standard Blue box.
I had several IP cameras and I don't want them to be phoning home. Typically the phone-home is to p2p.reolink.com, Reolink being the manufacturer. The cameras are in a 'Cameras' group, and the rule structure is simple:
All Devices:
- Block all traffic for 3 geo regions
- Allow all traffic for a limited range in the VPN IP range
Cameras group:
- Block to and from the internet
- Allow traffic to domain pool.ntp.org
- Allow traffic to domain smtp.gmail.com
So with that rule-set why can I see regular activity to p2p.reolink.com? Am I hopelessly misunderstanding the rules hierarchy?
-
Tap on the flow you see under network flow (of p2p.reolink). In the flow detail page, if you see that the transferred bytes are very small or the traffic is in only one direction (either receive or transmit is 0), then it is likely just packets getting dropped and still being accounted for in the flows.
-
Hi, and thanks. Yes, the response size is zero. I would have thought that the rule would prevent the request getting as far as being logged at all. Can I assume that the request never reached its destination? Maybe it reached its destination but the rule blocked the incoming response?
At the very least the user is given the impression that the rule isn't being effective and so will this be resolved in the future?
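The check suggested in the reply above (very small or one-direction flows are likely dropped packets that still get counted), applied across many flow records at once. This is an added example, not part of the original thread or the vendor's tooling; the CSV column names, the sample rows and the 1024-byte cut-off are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records; the column names are hypothetical and
# do not reflect any real export format from the firewall's app.
SAMPLE_FLOWS = """\
device,domain,tx_bytes,rx_bytes
cam-front,p2p.reolink.com,120,0
cam-front,p2p.reolink.com,180,0
cam-front,pool.ntp.org,76,76
cam-back,p2p.reolink.com,240,0
cam-back,p2p.reolink.com,5200,48300
cam-back,smtp.gmail.com,9100,2400
"""

# Assumed cut-off for "very small"; the thread gives no number.
SMALL_BYTES = 1024


def classify(tx, rx, small=SMALL_BYTES):
    """Label one flow using the heuristic from the reply above."""
    if tx == 0 or rx == 0:
        return "one-way"   # attempts with no reply: likely dropped
    if tx + rx < small:
        return "tiny"      # too little data for a real session
    return "two-way"       # data moved both ways: needs a closer look


def audit(flow_csv, allowed_domains):
    """Return {(device, domain): {label: count}} for domains not allowed."""
    report = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["domain"] in allowed_domains:
            continue
        label = classify(int(row["tx_bytes"]), int(row["rx_bytes"]))
        report[(row["device"], row["domain"])][label] += 1
    return {key: dict(counts) for key, counts in report.items()}


def leaks(report):
    """Device/domain pairs with at least one substantial two-way flow."""
    return sorted(k for k, counts in report.items() if counts.get("two-way"))


if __name__ == "__main__":
    result = audit(SAMPLE_FLOWS, {"pool.ntp.org", "smtp.gmail.com"})
    for key, counts in sorted(result.items()):
        print(key, counts)
    print("block rule not holding for:", leaks(result))
```

Only pairs returned by `leaks` suggest the block rule is not holding; pairs that show nothing but one-way or tiny flows match the dropped-packet explanation given in the reply.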