Salut Philippe, Rather than firewall rules to create drops, you need DNATs - see #2 and #4 in Rulz (last updated 2019-04-17) . If you are in Transparent mode, I would expect the DNATs to take priority over the Proxy. If you try that and it doesn't blackhole the HTTP/S request, please let us know. I would make the two rules like the following: DNAT : Internal (Network) -> Any -> Blocked IP : to {240.0.0.1} DNAT : Blocked IP -> Any -> External (Address) : to {240.0.0.1} Cheers - Bob
↧