0

Discussion topic: Firewall rule failing to block device

Reply
This message was authored by humansfirst This message was authored by: humansfirst

Firewall rule failing to block device

Guys. I'm trying to figure out how to block a device from accessing the wifi on my Sky Hub. I reserved an address for the device using its MAC address in the LAN IP Set up Tab and gave the device a name and a specific IP address. . I then created a firewall rule as per the image. below. The IP address on the device has now changed but the firewall is failing to work and the device can still access the internet. What am I doing wrong?

humansfirst_0-1669553372486.png

 

Reply

All Replies

This message was authored by Suzie10 This message was authored by: Suzie10

Re: Firewall rule failing to block device

Blocking devices on the Sky Hub is a little annoying. I think the problem is IPv6. As the Sky Hub itself doesn't have any MAC address blocking like other routers have, it relies solely on IPv4/6 IP blocking. 

 

What's probably happening is some sites are being correctly blocked on the device (e.g. BBC site) but other sites will still work (like YouTube). I've found what you have to do is also add a rule for the IPv6 side as well. 

 

Under "Attached devices", you should see a IPv6 section with devices showing up. I've found the only way to get a block working is when a device broadcasts an IPv6 address that starts with "2a02:c7c:6471:3c00". As the IPv6 rule automatically fills out the "2a02:c7c:6471:3c00" part, you just have to add the last part of the address in the "Source IPv6 LAN Address" field. 

 

Once you've done the above, it should work. The device will still be able to connect to the network, it just won't be able to load any web pages. Unfortunately, the IPv6 blocking is inconsistent since devices seem to broadcast more than one IPv6 address. So what often happens is the IPv6 address changes which removes the block. Other times the device will not be broadcasting a "2a02:c7c:6471:3c00" address making blocking impossible. 

 

The way around that is perhaps disabling IPv6 on the router. That'll force it to only use an IPv4 connection which should make the block work due to the IPv4 rule and the fact a static IPv4 address has been assigned to the device. However, I've not done this myself, nor know if there's any disadvantage to disabling IPv6. 

 

I have briefly used a router that did not have IPv6 enabled by default and my connection worked OK. So if disabling IPv6 is an option, that's probably what you'd have to do to be able to properly block a device from accessing the Internet.

 

If that's not an option/feasible, getting a third-party router will be the next best option. The third-party router will likely have a proper MAC address block. The Sky Hub is really basic unfortunately. 

This message was authored by Chrisee This message was authored by: Chrisee

Re: Firewall rule failing to block device

Posted by a Superuser, not a Sky employee. Find out more

@humansfirst if the device user is at all technically able they can get round the type of block used by manually changing the IP address on the device. As @Suzie10 says the Sky hub is not particularly advanced but even if it did block by mac address there are ways to get round that as well.

=========================================================
65inch Sky Glass, 3 Sky Streaming Pucks, Sky Ultrafast + and Sky SR213(white Wifi Max hub) main Wifi from 3 TP-Link Deco M4 units in access point mode
humansfirst
Topic Author
This message was authored by humansfirst This message was authored by: humansfirst

Re: Firewall rule failing to block device

Blimey - thanks so much to you both for your comprehensive responses. It looks like I'll need to invest in a 3rd party router then. 

This message was authored by StevenYH This message was authored by: StevenYH

Re: Firewall rule failing to block device

Thanks Suzie for your answer. I have been trying to follow what you suggested

 

"Under "Attached devices", you should see a IPv6 section with devices showing up. I've found the only way to get a block working is when a device broadcasts an IPv6 address that starts with "2a02:c7c:6471:3c00". As the IPv6 rule automatically fills out the "2a02:c7c:6471:3c00" part, you just have to add the last part of the address in the "Source IPv6 LAN Address" field. "

 

but cant seem to get it right or find "Source IPv6 LAN Address" field" could you help me with the steps to do this please. I have tried blocking using the IP address under the Firewall rules but that option didn't block the device

 

Any help would be appreciated

This message was authored by bullfinch23 This message was authored by: bullfinch23

Re: Firewall rule failing to block device

I am having the same problem with setting rules but they do not block access.

Did you manage to find a solution?

Thank you

Reply

Was this discussion not helpful?

No problem. Browse or search to find help, or start a new discussion on Community.

Start a new discussion

On average, new discussions are replied to by our users within 4 hours

New Discussion