It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see for further information on our EoS policy.

How to Create a Deny Firewall Rule

  • Last updated on

A Deny firewall rule terminates matching network sessions by replying TCP-RST  for TCP requests,  ICMP Port Unreachable  for UDP requests or  ICMP Denied by Filter  for other IP protocols. Because the remote host receives a reply, it knows that your system is up and running and protected by a firewall.


Create a Deny Firewall Rule

  1. Open the Forwarding Rules page (Config > Full Config > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules ).
  2. Click Lock.
  3. Either click the plus icon (+) in the top right of the rule set, or right-click the rule set and select New > Rule.
  4. Select Deny as the action.
  5. Enter a Name for the rule. For example, ExampleDenyRule.
  6. Specify the following settings that must be matched by the traffic to be handled by the firewall rule:
    • Source – The source addresses.
    • Destination – The destination addresses of the traffic.
    • Service – Select a service object, or select Any for this rule to match for all services.
  7. Click OK.
  8. Drag and drop the firewall rule so that it is the first rule that matches the traffic that you want it to deny. Ensure that the rule is located above the BLOCKALL rule; rules located below the BLOCKALL rule are never executed.
  9. Click Send Changes and Activate.

Additional Matching Criteria

  • Authenticated User – For more information, see User Objects.

Additional Policy

Last updated on