Firewall working partly, why? ignores some rules

[peter70]

Hi guys,
I have an issue with firewall. I've created 2 rules:
1) accepting pings only form 1 ip,
2) accepting admin panel access only form 1 ip.

Blocking pings form other hosts working.
But blocking admin panel access form other ips does not.

I've restarted whole system but still it ignores 8006 firewall rule.
I've added logging to 8006 port rule and it does not show access from other hosts. But access from other hosts works perfectly.
What am I doing wrong here?

Rules (I'm form 192.168.1.11) and view for other host - ping does not get any response but wget to admin panel gets http 200. Why is that?
What should I check?

 

[dietmar]

You enabled the firewall in Datacenter/Firewall/Options?

 

[peter70]

You enabled the firewall in Datacenter/Firewall/Options?

Yes, obviously since one of rules is working

 

[dietmar]

And what source IP address do you test from? By default all local cluster nodes are allowed to access the API.

 

[peter70]

And what source IP address do you test from? By default all local cluster nodes are allowed to access the API.

I'm testing it from 192.168.1.199
But it should be blocked with these rules, shouldn't it?
icmp is blocked, tcp 8006 is not, that's wired

 

[dietmar]

I'm testing it from 192.168.1.199

This is the same class C network. Please test from another network.

 

[peter70]

And what source IP address do you test from? By default all local cluster nodes are allowed to access the API.

This is the same class C network. Please test from another network.

So it blocks icmp/pings but not admin panel access?
How can I change it?
I found in documentation default firewall rules, but how can I change them? Since gui options don't change them.
I'm not planing to use cluster, I want to lock access.