Firewall logs with Local IP contacting local IP over the internet

I noticed some weird behavior in our firewall logs: a computer in our subnet 192.168.1.0/24 sending UDP packets on port 161 to an IP in subnet 192.168.20.0 (we don’t have a subnet like that), and the packets going through the LAN to WAN policy. I have installed Sysmon on the computer that is creating this connection, but I don’t know what to look for in it. Does anybody in here have an idea of what is going on? I’m sorry if I’m not giving enough info. I don’t want to mess up by giving too many details.

How to block Twitter accounts/pages in firewall that show offensive/adult material?

Instead of blocking all Twitter pages/accounts, I would like to block only those that may have adult content. Since these accounts are somehow flagged by Twitter (you are asked if you really want to see the contents and you have to give it an okay), I thought there must be a way to block these accounts with a firewall. Actually we are using a Sophos XG with HTTPS decrypt & scan. Any ideas?

OS X Firewall Block all incoming Connections Affecting Software Updates?

I just bought a 2017 Macbook Pro with the latest OS (Mojave). In the OS X Mojave Security and Privacy-Firewall settings, I set Firewall to “Block all incoming connections” as I am extra cautious, but will my software (such as Chrome web browser, Firefox, etc.) still get new updates? For example, will my Firefox browser still get the latest software updates or will I have to manually check for software updates because the firewall is blocking all incoming connections?

Can you see the Firewall Rule that was triggered on Azure Application Gateway WAF

We’re using the Application Gateway WAF in prevention mode and it’s blocking some of our Mobile App Client requests. I switched the WAF into Detection mode and output the logs to Log Analytics. I can see some information about the requests being made and the WAF being triggered, but can’t see which rule was triggered.

Is there a way to see what rule was being triggered? It’s difficult to narrow down the source of the problem without knowing why it’s failing!

Can a firewall block an IP and still accept traffic from it?

Recently two people emailed me and told me they could not access my site. One sent a message showing a traceroute showing that it could not find the destination IP. Something like this:

13  be100-163.fra-5-a9.de.eu (178.33.100.250)  65.850 ms be100-112.fra-1-a9.de.eu (**37.187.231.232**)  65.251 ms  65.443 ms
14  * * *
15  vl1305.bhs-d2-a75.qc.ca (213.251.128.1)  148.361 ms vl1304.bhs-d1-a75.qc.ca (213.186.32.249)  148.057 ms  152.880 ms

I block the IP 37.187.231.232 in my firewall on port 443 only. This IP belongs to my hosting data centre. I block many of their IPs as I get a lot of scraping from them.

For me and seemingly the vast majority of traffic, this has not caused a problem.

Can a firewall block an IP and still accept traffic from it? Or do I need to remove these IPs from the firewall?

If so, do you have any recommendations as to how to block these IP ranges (OVH)? My site is mostly static HTML, so server side is not an option. It seems they would need to be blocked in the firewall, which is not optimal.

ESP32 cannot bypass Firewall

I am using an ESP32 (which is an Arduino-based microcontroller) to connect to a Unity game I am building on my PC. I am using the PC as a WiFi hotspot and the ESP32 is connecting to that hotspot using a hardcoded password. However, when it is connected the board’s packets are blocked by my firewall (Windows 10 default Windows Defender Firewall). It works fine once I turn it off. How do I make it so that the UDP packets from the ESP32 can bypass the firewall without me needing to completely turn it off?

Android firewall? Blackhole? One IP unreachable

I have a device, an ESP8266-like, connecting my automower to my wan.

If I hardcode the address to 192.168.1.48, it is accessible from my phone and my laptop, among others I guess.

If I hardcode the address to 192.168.1.44, it is not accessible from my phone, but still from my laptop.

I don’t get pings back when pinging 192.168.1.44 from the phone, and a traceroute ends with the phone’s own IP, as it does when I traceroute to an unreachable address.

In short, something on the phone seems to be blocking that particular IP. Rebooting the phone doesn’t help.

The phone is a OnePlus 5, Android, OxygenOS 9.0.6.

How to prevent GCE enforcer from deleting firewall rules?

I’ve had instances on GCE hosting multiple websites for years. Suddenly, without any warning or notice, my instances went unreachable on 6/19.

After wasting several hours trying to debug this, I found that a gceenforcer@system.gserviceaccount.com service account was deleting firewall rules from my account! Even if I click “Enable HTTP/HTTPS traffic” when configuring the instance, a few minutes later the GCE enforcer deletes the rules again.

So many questions (and so frustrating!). What is GCE enforcer? Why is it deleting my firewall rules without permission or notice? How do I disable it?

Windows Firewall Log: Add header for Logging

In Windows Firewall you can log the DROPs or ALLOWs into a log file. That works fine for me. The output fields are:

Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path 

But how can I add more details like which rule will be used or which group of firewall rules? How can I configure this output?

Thanks a lot.