The Firewall Outgoing feature lets you block or allow certain kinds of traffic from leaving your network.
The Egress Firewall applies to traffic from the LAN
passing through the firewall. It does not
apply to traffic originating from ClearOS
If you did not select this module to be included during the installation process, you must first install the module.
You can find this feature in the menu system at the following location:
The Firewall Outgoing feature is useful for blocking/allowing instant messaging, chat, certain type of downloads, and more. You may also want to block traffic using the Protocol Filter, so make sure you review that feature as well.
You have two ways to block/allow traffic:
Choose an Outgoing Mode
There are two modes to the Firewall Outgoing system:
Outgoing Traffic - By Port/Service
Destination Ports prevents/allows a connection on a particular port/service. For instance, adding port 80 (web) disables/enables web-surfing for your entire local network.
Outgoing Traffic - By Host/Destination
Destination Domains allows you to block/allow certain networks and sites. For instance, if your outgoing mode is set to allow all outgoing traffic, you could block the entire island nation of Tuvalu (why would you do that?) by adding the 220.127.116.11/19 network to the block list. The “Destination Domain” can be a Domain, IP address or Subnet (in CIDR or IP/netmask form).
It is not advisable to block by domain name as the firewall will convert the domain name to an IP address before applying the rule. If the IP address changes because of things like load balancing, the domain will no longer be blocked. If a domain uses multiple IP's (e.g. google.com) you need to block the whole range of IP's.
If you block destinations with the firewall bear in mind that users of the proxy may not be blocked. If you require proxy users to be blocked, your best option is to block the destinations using the Content Filter
Other Blocking Methods