Forum Discussion

b_136889
Apr 02, 2015

blocking port 80 with a policy at the global level not working

Hi, I am trying to block port 80 on BIG-IP AFM using the following rule, but for some reason it's not getting hit.

curl -sk -u admin:admin https://192.168.6.158/mgmt/tm/security/firewall/policy/ocpolicy/rules -H 'Content-Type: application/json' -X POST -d '{"name": "dport80","action": "drop","ipProtocol": "tcp","place-before": "first","destination": {},"source": {"ports": [{"name": "80"}]}}'

If I apply a rule saying block TCP protocol, it works just fine.

curl -sk -u admin:admin https://192.168.6.158/mgmt/tm/security/firewall/policy/ocpolicy/rules -H 'Content-Type: application/json' -X POST -d '{ "name":"dtcp","action":"drop","ipProtocol":"tcp","place-before":"first","destination":{},"source":{}}'

I am using the BIG-IP in L2 bridge mode. I have 2 VLANs, created a VLAN group, and added a self IP to the VLAN group.