I won't say that this is a bug, but rather it's an oddity that I can't explain. To summarise, it appears that, for a device on my network, a 'to the internet' block fails to block traffic to a given domain, but adding to that a specific block for the domain does block the traffic.
So, I have an FWP and many devices, one of which is the home NAS. I'm quite neurotic about the NAS and so I've set rules for the device such that there's a total 'from and to the internet' block and then I allow outgoing traffic for the domains that I know the NAS needs to work, e.g. 'synology.com', 'plex.tv' etc. Occasionally I see traffic being allowed that doesn't match any of the allowed domain rules, and so the first query is how can that happen? One such allowed flow was for the local newspaper website, which my wife on her phone may well have visited but I can't imagine the NAS ever doing.
The other issue is one that I'm now seeing every few days, which is when the NAS calls out to 'quickconnect.to', which I find troubling because QuickConnect is disabled, but why would that flow not have been blocked, because the domain looks nothing like any of the allowed domains? If I set an explicit block for 'quickconnect.to' (to complement the to-from-internet block) then the flow is blocked, and so why would a specific block catch the flow but the general block not catch it?