Community discussions

MUM Europe 2020
 
cavaughan
newbie
Topic Author
Posts: 29
Joined: Sun Nov 09, 2014 8:01 pm
Location: Seattle, WA, USA
Contact:

Discord question

Wed Aug 21, 2019 9:49 pm

Got a question about blocking a computer. On the MK router I have the computer use a static IP and in the firewall I can choose to drop all traffic for that computer. It works for everything except the messaging program Discord. As long as it is open it maintains a connection. HOW?
Curtis Vaughan
Seattle, USA
 
Sob
Forum Guru
Forum Guru
Posts: 4889
Joined: Mon Apr 20, 2009 9:11 pm

Re: Discord question

Wed Aug 21, 2019 10:48 pm

It sounds like you don't drop everything, but only new connections. Rules are processed in order from top to bottom, so if you'd have standard "accept established & related" before you drop rule, it would allow existing connections to survive.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
cavaughan
newbie
Topic Author
Posts: 29
Joined: Sun Nov 09, 2014 8:01 pm
Location: Seattle, WA, USA
Contact:

Re: Discord question

Wed Aug 21, 2019 11:19 pm

Here are the 1st four rules. The rule to block the computer in question is rule No. 3 (counting from 0 - 3), which I put on Drop for Action when wishing to terminate all internet activity. So would I have to basically disable the first rule (as the other 2 are to permit VPN connectivity), then enable Drop for Rule 3, then re-enable Rules 1?
Screenshot from 2019-08-21 13-17-38.png
You do not have the required permissions to view the files attached to this post.
Curtis Vaughan
Seattle, USA
 
Sob
Forum Guru
Forum Guru
Posts: 4889
Joined: Mon Apr 20, 2009 9:11 pm

Re: Discord question

Thu Aug 22, 2019 12:08 am

No. It's not exactly as I thought. The first one is not real rule, you can't disable it. But it shows that you have fasttrack enabled and I don't know if there's a way to close fasttracked connection. One way would be to permanently disable the whole thing, but it's useful, so it's not the best solution.

Edit: One thing you can try is blocking in raw table, but I'm still not sure if fasttrack bypasses that too or not.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
cavaughan
newbie
Topic Author
Posts: 29
Joined: Sun Nov 09, 2014 8:01 pm
Location: Seattle, WA, USA
Contact:

Re: Discord question

Thu Aug 22, 2019 12:19 am

Blocking in raw table? What is that?
Curtis Vaughan
Seattle, USA
 
Sob
Forum Guru
Forum Guru
Posts: 4889
Joined: Mon Apr 20, 2009 9:11 pm

Re: Discord question

Thu Aug 22, 2019 12:55 am

IP->Firewall->Raw, it's similar to IP->Firewall->Filter. Just use prerouting chain instead of forward. But remember, maybe it won't work either.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
cifzo
just joined
Posts: 12
Joined: Mon Feb 18, 2019 10:35 pm

Re: Discord question

Thu Aug 22, 2019 2:36 am

No. It's not exactly as I thought. The first one is not real rule, you can't disable it. But it shows that you have fasttrack enabled and I don't know if there's a way to close fasttracked connection.
Could you use a script to knock down all the existing connections for that IP?

viewtopic.php?t=137245
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1796
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Discord question

Thu Aug 22, 2019 11:25 am

hey, list your fill firewall rule set, for both ipv4 & ipv6.

what I'm wondering: you have fasttrack dummy rule, but not fast track itself..., view is incomplete
fasttrack will bypass most of ip processing for bigger part of packets of a connection, but on regular basis packets will be processed with full path (to refresh connection tracking stats)-> if it's blocked then, connection will be terminated.

also fasttrack will no bypass raw, as it's based on connection tracking, which is established after raw filtering

Who is online

Users browsing this forum: No registered users and 89 guests