DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2910 Firewall set up

20 Aug 2009 10:57 #1 by shadetek
2910 Firewall set up was created by shadetek
I am trying to set up a simple firewall rule on my 2910 which I cannot get to work. It is to block internet access (and allow FTP) to one specific IP address on the network which is a server. Its address is 192.168.170.108. I make a rule in the data rules section of the firewall section.

Settings:

The source IP address setting is "192.168.170.108"
The destination IP address is "any"
Service type is user defined
Protocol type is TCP/UDP
Source port is 80 to port ~80
Destination port is 80 to ~80
Scroll boxes for the ports are both set to =
I check the tick box to enable the rule.

When I go to the "blocked" PC, it can access the internet with no problems. What am I doing wrong? Any help appreciated.

PS. I must point out if I select "ANY" in the service type, it will block everything from that PC to the outside world, which is of course what I don't want. Also, I can't help but notice my current firmware level, 3.2.2, is one more than is actually available for download... i.e. 3.2.1!?

20 Aug 2009 12:40 #2 by njh
Replied by njh on topic 2910 Firewall set up
If you wanted to block http browsing only, change your source port to ANY, but I don't think this is what you are aiming at. It would still allow all sorts of traffic such as https (port 443), telnet, p2p etc.

If the PC is only going to contact the outside world by ftp, your first rule should be Source IP, any ports, any protocol, block if no further match.

You should then have another rule to allow FTP - Source IP, source port = any, destination port = 21, protocol = TCP, allow.

2900Gi/v2.5.6; 2900/v2.5.6
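
A simplified model of the ordered rule matching discussed in posts #1 and #2, added here as an illustration (it is not DrayTek firmware code and not from either poster). The `evaluate` function, the action names and the default of allowing traffic when no rule matches are assumptions, and the sample packets are constructed.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for a protocol or port field

@dataclass
class Packet:
    src_ip: str
    proto: str      # "tcp" or "udp"
    src_port: int
    dst_port: int

@dataclass
class Rule:
    src_ip: str
    proto: Optional[str]
    src_port: Optional[int]
    dst_port: Optional[int]
    action: str     # "block", "allow" or "block_if_no_further_match"

    def matches(self, p: Packet) -> bool:
        return (p.src_ip == self.src_ip
                and self.proto in (ANY, p.proto)
                and self.src_port in (ANY, p.src_port)
                and self.dst_port in (ANY, p.dst_port))

def evaluate(rules, packet, default="allow"):
    """Walk the rules in order and return 'allow' or 'block'."""
    pending = default               # assumed verdict when nothing matches
    for rule in rules:
        if not rule.matches(packet):
            continue
        if rule.action == "block_if_no_further_match":
            pending = "block"       # provisional; a later match overrides it
        else:
            return rule.action      # "allow" and "block" decide immediately
    return pending

SERVER = "192.168.170.108"
# Rule from post #1: TCP/UDP, source port AND destination port both = 80.
original = [Rule(SERVER, ANY, 80, 80, "block")]
# Rule pair from post #2: block by default, then allow TCP to port 21.
suggested = [Rule(SERVER, ANY, ANY, ANY, "block_if_no_further_match"),
             Rule(SERVER, "tcp", ANY, 21, "allow")]

# Constructed packets: clients normally use a high ephemeral source port.
http = Packet(SERVER, "tcp", 49152, 80)
https = Packet(SERVER, "tcp", 49153, 443)
ftp = Packet(SERVER, "tcp", 49154, 21)
ftp_udp = Packet(SERVER, "udp", 49155, 21)
```

In this model `evaluate(original, http)` returns `"allow"` because the packet's source port is not 80, which is the behaviour reported in post #1, while the `suggested` pair blocks everything from the server except TCP to port 21.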

20 Aug 2009 13:16 #3 by shadetek
Replied by shadetek on topic 2910 Firewall set up
I worked it out by using the [ != port 21], i.e., only port 21 using UDP packets can get through.

20 Aug 2009 17:56 #4 by njh
Replied by njh on topic 2910 Firewall set up
FTP uses TCP and not UDP.

2900Gi/v2.5.6; 2900/v2.5.6


Moderators: Sami