ericpaulbishop / gargoyle

Gargoyle Router Management Utility
http://www.gargoyle-router.com

Gargoyle 1.13.0.2 (b69041f8) firewall restriction rule not working #952

Closed badziewiak123 closed 1 year ago

badziewiak123 commented 2 years ago

Hello, I have a rule set up in the GUI to block a specific MAC. In the file it looks like this:

config restriction_rule 'rule_1'
        option is_ingress '0'
        option description 'VM blokada'
        option family 'any'
        option local_addr '52:54:00:52:0a:a8'
        option enabled '1'

This is what all the network interfaces look like on the blocked virtual machine:

C:\Users\testowy>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-UP8E4DA
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek RTL8139C+ Fast Ethernet NIC
   Physical Address. . . . . . . . . : 52-54-00-52-0A-A8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd54:b1b9:279d::150(Preferred)
   Lease Obtained. . . . . . . . . . : środa, 25 maja 2022 14:09:52
   Lease Expires . . . . . . . . . . : niedziela, 9 lipca 2158 15:49:54
   Link-local IPv6 Address . . . . . : fe80::b188:c8ca:afc4:ff4b%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.150(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : środa, 25 maja 2022 14:09:52
   Lease Expires . . . . . . . . . . : czwartek, 2 czerwca 2022 19:59:41
   Default Gateway . . . . . . . . . : 192.168.1.11
   DHCP Server . . . . . . . . . . . : 192.168.1.11
   DHCPv6 IAID . . . . . . . . . . . : 106058752
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-F8-F7-8B-52-54-00-52-0A-A8
   DNS Servers . . . . . . . . . . . : fd54:b1b9:279d::1
                                       192.168.1.11
                                       fd54:b1b9:279d::1
   NetBIOS over Tcpip. . . . . . . . : Enabled

And this is what the network traffic route looks like:

C:\Users\testowy>tracert wp.pl

Tracing route to wp.pl [212.77.98.9]
over a maximum of 30 hops:

  1    <1 ms    <1 ms     8 ms  Gargoyle.lan [192.168.1.11]
  2     *        *        *     Request timed out.
  3     7 ms    10 ms    10 ms  172.17.146.25
  4    14 ms    14 ms    66 ms  172.17.28.98
  5    15 ms    19 ms    13 ms  172.17.28.98
  6    86 ms    21 ms    19 ms  netia.plix.pl [195.182.218.13]
  7    16 ms    16 ms    15 ms  WARSC001RT73.inetia.pl [83.238.248.19]
  8    40 ms    12 ms    11 ms  87.204.224.71
  9    26 ms    39 ms    16 ms  83.238.6.13
 10    14 ms    23 ms    14 ms  www.wp.pl [212.77.98.9]

Trace complete.

I fired up speedtest.net on the virtual machine and noticed a significant increase in transfer in iftop on the main router:

078088184232.gliwice.vectranet.pl                                      => speedtest.protonet.pl                                                      0b      0b      0b
                                                                       <=                                                                         84.5Mb  75.4Mb  22.3Mb
078088184232.gliwice.vectranet.pl                                      => 195.149.98.29.obslugapc.pl                                                 0b      0b      0b
                                                                       <=                                                                         14.1Mb  20.6Mb  8.44Mb
078088184232.gliwice.vectranet.pl                                      => speedtest.midiko.pl                                                        0b      0b      0b
                                                                       <=                                                                         20.2Mb  19.5Mb  9.42Mb
078088184232.gliwice.vectranet.pl                                      => speedtest.pirxnet.pl                                                       0b      0b      0b
                                                                       <=                                                                         12.8Mb  12.7Mb  4.23Mb
078088184232.gliwice.vectranet.pl                                      => server-54-192-231-46.waw50.r.cloudfront.net                                0b      0b      0b
                                                                       <=                                                                            0b   2.12Mb  2.66Mb
078088184232.gliwice.vectranet.pl                                      => host-188.117.149.2.static.3s.pl                                            0b      0b      0b
                                                                       <=                                                                         17.0Kb   108Kb   159Kb
078088184232.gliwice.vectranet.pl                                      => pirxnet.pl                                                                 0b      0b      0b
                                                                       <=                                                                            0b   3.52Kb   900b
078088184232.gliwice.vectranet.pl                                      => ae6bee98fe393bd2a.awsglobalaccelerator.com                                 0b      0b      0b
                                                                       <=                                                                            0b    589b    774b
078088184232.gliwice.vectranet.pl                                      => dns.google                                                                 0b      0b      0b
                                                                       <=                                                                            0b    269b    302b

In the Gargoyle GUI I also noticed an increase in bandwidth consumption when running speedtest on the virtual machine.

Regards

badziewiak123 commented 2 years ago

After rebooting the router the firewall worked. I don't know if it matters, but maybe a week or two earlier I was running the WireGuard server, just on this router. After a while I turned off the WireGuard server.

lantis1008 commented 2 years ago

I read your forum thread earlier in the week and tested MAC-based restrictions, which worked fine.

My suggestion (as was Cezary's) was that the main router was not seeing the device's MAC. Maybe it sees the MAC of the host device or of the other intermediate router? I don't know if you ever addressed this question or checked it.
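One way to check the question raised above, whether the router actually sees the VM's MAC behind 192.168.1.150 or some other MAC, is to compare the MAC in the restriction rule with the router's ARP table. This is an added diagnostic script, not code from the thread or the Gargoyle project; it assumes the /proc/net/arp layout used on OpenWrt/Gargoyle, and the table below is a constructed sample in which the hypothetical host MAC 00:11:22:33:44:55 stands in for the VM's.

```shell
#!/bin/sh
# Added diagnostic (not from Gargoyle): does the router's ARP table map the
# client's IP to the MAC used in the restriction rule? Input format assumed
# to be /proc/net/arp as found on OpenWrt/Gargoyle.

# Constructed sample of /proc/net/arp. 192.168.1.150 is listed with a
# hypothetical host/hypervisor MAC, not the VM's own 52:54:00:52:0a:a8.
SAMPLE_ARP='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.150    0x1         0x2         00:11:22:33:44:55     *        br-lan
192.168.1.20     0x1         0x2         52:54:00:52:0a:a8     *        br-lan'

# Normalise a MAC to lower-case, colon-separated form so the Windows spelling
# "52-54-00-52-0A-A8" and the UCI spelling "52:54:00:52:0a:a8" compare equal.
norm_mac() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr '-' ':'
}

# Print the MAC the router associates with an IP in the given ARP table text.
# Column 3 is the flags field; 0x2 marks a complete (resolved) entry.
arp_mac_for_ip() {
    printf '%s\n' "$2" | awk -v ip="$1" '$1 == ip && $3 == "0x2" { print $4 }'
}

# Exit status: 0 = router sees the expected MAC behind the IP, so a MAC-based
# rule can match; 1 = it sees a different MAC (host, hypervisor or an
# intermediate router), so the rule cannot match; 2 = no ARP entry at all.
check_mac_seen() {
    ip=$1; expected=$(norm_mac "$2"); table=$3
    seen=$(arp_mac_for_ip "$ip" "$table")
    [ -z "$seen" ] && { echo "no ARP entry for $ip"; return 2; }
    if [ "$(norm_mac "$seen")" = "$expected" ]; then
        echo "$ip is seen as $seen: MAC rule can match"; return 0
    fi
    echo "$ip is seen as $seen, rule expects $expected: MAC rule cannot match"
    return 1
}

# On a live router: check_mac_seen 192.168.1.150 52-54-00-52-0A-A8 "$(cat /proc/net/arp)"
check_mac_seen 192.168.1.150 52-54-00-52-0A-A8 "$SAMPLE_ARP" || echo "exit status $?"
```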

lantis1008 commented 1 year ago

If you can't confirm the issue, please close.

lantis1008 commented 1 year ago

@badziewiak123 please close.