• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

IP Adress Block

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Misc.] >> ISA Server Programming >> IP Adress Block Page: [1]
Login
Message << Older Topic   Newer Topic >>
IP Adress Block - 2.Apr.2002 6:51:00 PM   
da_anderson

 

Posts: 6
Joined: 2.Apr.2002
Status: offline
I am blocking traffic from specific IP's. Each address has it's own filter and the list is getting long.

Is there a way to block multiple addresses with the same filter? or an add-on product that makes filters for you? It would be nice to just add an IP to a list and it would be blocked. The current setup works, it just takes too many steps.

Thanks da_anderson
Post #: 1
RE: IP Adress Block - 3.Apr.2002 7:16:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi DA,

You might look into the SDK and look for a way to automate this. I'll move this discussion to the Programming area and see if those guys can help.

HTH,
Tom

(in reply to da_anderson)
Post #: 2
RE: IP Adress Block - 4.Apr.2002 10:31:00 AM   
amzweg

 

Posts: 53
Joined: 29.Jan.2002
From: The Netherlands
Status: offline
This can be done.
I have done this the following way:

1. Create a client address set, called blocked or something. This will be your list! Everytime you want to block another address, put the IP number in this list.

2. Create a Protocol Rule to DENY access to all IP traffic for the just created Client Address Set.

This should do the trick!

(in reply to da_anderson)
Post #: 3
RE: IP Adress Block - 4.Apr.2002 4:31:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Amzweg,

Nice solution! I didn't think about this preventing both outbound AND inbound access.

Thanks!

Tom

(in reply to da_anderson)
Post #: 4
RE: IP Adress Block - 4.Apr.2002 9:19:00 PM   
amzweg

 

Posts: 53
Joined: 29.Jan.2002
From: The Netherlands
Status: offline
Thanks,

Whish me luck, tomorrow I am taking the exam, and I know how the product works and now how to get around in it, but with the MS Exams there are allways questions where I do not know exactly what they mean, or where I do not see any correct answer at all.

(in reply to da_anderson)
Post #: 5
RE: IP Adress Block - 5.Apr.2002 7:28:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Amsweg,

Good luck on the exam!

Tom

(in reply to da_anderson)
Post #: 6
RE: IP Adress Block - 20.Apr.2002 12:19:00 PM   
zzz343

 

Posts: 764
Joined: 19.Feb.2002
From: World's 7th Nuclear Power
Status: offline
This is the best [Big Grin] solution , I am also using it from a long time for cable.net setup w/out any prob.

(in reply to da_anderson)
Post #: 7
RE: IP Adress Block - 27.Sep.2002 7:38:00 PM   
smarisetty

 

Posts: 36
Joined: 11.Jun.2001
From: Santa Clara, CA, USA
Status: offline
Can somebody point me to a place which has a list of porn/adult IP addresses compiled to put in this client address set.

(in reply to da_anderson)
Post #: 8
RE: IP Adress Block - 17.Dec.2002 2:35:00 PM   
weinstein_josh

 

Posts: 92
Joined: 15.Nov.2002
From: Toledo
Status: offline
Hello Arno,
I tried your solution about creating a Client Address set containing IP addresses, then creating a Deny Protocol rule with that set. However, I was still able to ping and telnet with an address I supplied in the Client Address set. When I removed the address and created it as a deny Packet filter, it dropped the ping and telnet command. I am curious as to why did this not work with your solution, as I would like to implement your solution?

(in reply to da_anderson)
Post #: 9
RE: IP Adress Block - 18.Dec.2002 12:54:00 AM   
AHIT

 

Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
jdub,

quote:

Hello Arno,
I tried your solution about creating a Client Address set containing IP addresses, then creating a Deny Protocol rule with that set. However, I was still able to ping and telnet with an address I supplied in the Client Address set. When I removed the address and created it as a deny Packet filter, it dropped the ping and telnet command. I am curious as to why did this not work with your solution, as I would like to implement your solution?

Remember a very important fact here.
Protocol rules are for 'cleints' behind ISA.
Packet filters are for access fromteh ISA server machine itself.

When you create the Protocol rule, were you testing from the ISA machine? [Wink]

(in reply to da_anderson)
Post #: 10
RE: IP Adress Block - 20.Dec.2002 9:08:00 PM   
weinstein_josh

 

Posts: 92
Joined: 15.Nov.2002
From: Toledo
Status: offline
I was testing it with an IP address from outside ISA that I put inside the client address set.

Josh

(in reply to da_anderson)
Post #: 11

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Misc.] >> ISA Server Programming >> IP Adress Block Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts