09-26-2010 08:33 AM
I am trying to create a firewall rule in Norton Internet Security 2010 that I just cannot seem to get to work. This rule is to block specific IP addresses from accessing my web server. I am running Apache on Windows 7.
This is the setting for the rule (Smart Firewall / Advanced Settings / General Rules):
I then tested this rule from another computer already connected to VPN (rule matches this host and IP) but the rule does not work. I am able to connect to my web server without any problems at all. I checked my Apache log and I see my VPN connection logged as normal. I also see the specific IP address I am trying to block from proxy searching my web server in the logs as well.
Just for the heck of it I went back into the Smart Firewall settings and turned on Block All Network Traffic for a duration of 15 minutes. I am still able to connect to my web server from outside my network without any problems at all. I do notice that the Block All Network Traffic is blocking me from most outbound connections (e.g. can open a web page in my browser) but Apache seems to be working fine. I read that Advanced Settings (General Rules) are applied before Program Control rules are. I even went so far as to create a rule specifically for Apache to block the IPs I am using from the General Rules and it still does not work.
Any idea what I am doing wrong?
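The server-side check described in the post above (looking in the Apache access log for addresses the firewall rule should be blocking), as an added example that is not part of the original thread. It assumes Apache's Common/Combined Log Format; the function name, the addresses (documentation ranges) and the rule-enabled time are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime

# Common/Combined Log Format: client, identity, user, [time], "request", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def hits_after_block(lines, blocked, rule_enabled_at):
    """Return (ip, time, request, status) for every request from a blocked
    address or network that Apache logged at or after the rule was enabled.
    Any hit means the firewall rule was not enforced for that connection."""
    nets = [ipaddress.ip_network(b, strict=False) for b in blocked]
    leaks = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # client field is a hostname (HostnameLookups On)
        when = datetime.strptime(m.group(2), TIME_FMT)
        if when >= rule_enabled_at and any(ip in n for n in nets):
            leaks.append((str(ip), when, m.group(3), int(m.group(4))))
    return leaks

# Constructed sample data, not taken from the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Sep/2010:08:10:00 -0400] "GET / HTTP/1.1" 200 512',
    '203.0.113.7 - - [26/Sep/2010:08:40:12 -0400] "GET / HTTP/1.1" 200 512',
    '198.51.100.20 - - [26/Sep/2010:08:41:00 -0400] "GET /a HTTP/1.1" 404 0',
    '192.0.2.5 - - [26/Sep/2010:08:42:30 -0400] "GET / HTTP/1.1" 200 512',
]
BLOCKED = ["203.0.113.7", "198.51.100.0/24"]
RULE_ENABLED = datetime.strptime("26/Sep/2010:08:33:00 -0400", TIME_FMT)

if __name__ == "__main__":
    for ip, when, req, status in hits_after_block(SAMPLE_LOG, BLOCKED, RULE_ENABLED):
        print(f"rule not enforced: {ip} {when.isoformat()} {req!r} -> {status}")
```

An empty result after the rule is enabled, together with matching entries under History > Firewall Activities, indicates the block is taking effect.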
09-26-2010 09:07 AM
Welcome to the Norton Community. What version of NIS 2010 do you have? You can get this from Help & Support > About. Is your Windows 7 32 or 64 bit?
Is the computer that you are creating the firewall rule on the one that also hosts your Apache server?
It sounds like you have made the correct settings. But also click on the Network Security Map from the main NIS window. When the security map is displayed what trust level is the other computer set to?
You are also entitled to a free upgrade to NIS 2011 if your subscription is current. You can get this from http://updatecenter.norton.com/.
09-26-2010 09:59 AM
Thank you for the quick reply.
"What version of NIS 2010 do you have? You can get this from Help & Support > About."
I just upgraded to NIS 2011 (188.8.131.52) and rebooted.
"Is your Windows 7 32 or 64 bit?"
I am running Windows 7 64 bit.
"Is the computer that you are creating the firewall rule on the one that also hosts your Apache server?"
"When the security map is displayed what trust level is the other computer set to?"
The other computer does not show in the Network Security Map as I am not connecting to VPN through my home ISP.
I noticed my custom rule was gone after I upgraded to NIS 2011, so I re-added it, but it still does not work.
The rule is very strict as it is "supposed" to be blocking all ports and connection types in both directions for the specified IP / Host. I am not sure at this point what I may be doing wrong. If there was a way to export the rule and share it here I would.
09-26-2010 06:36 PM
Thanks very much for the update. Please click on History from the main NIS window and then select Firewall Activities from the drop down list. Do you see anything being logged for inbound connections when you reproduce this problem?
09-27-2010 03:45 PM
Not sure what I did but I have it working now. I took "all" rules out for General and Programs and started fresh. Also turned off Auto Program Control and let NIS ask me as programs requested access (specifically Apache). I then put everything back to normal. I added my rule back and it started working; it was also logged like it should be.
Thank you for your assistance and time in helping me with this problem.
09-27-2010 08:08 PM
You are most welcome, though I don't think I really did anything to solve the problem in this case.
One of the things I was going to suggest trying when it came to that point was doing a firewall reset but it looks like you got it working now so that is good.
Thanks for letting me know how things are going.
10-08-2010 03:22 AM
Please go to Start > Run > type services.msc > OK.
Navigate to the service called Base Filtering Engine and verify whether it is started; if not, set it to Automatic and reboot your machine.