Description:

The Content Filter checks Internet traffic on TCP ports 80 and 443 (HTTP and HTTPS). It cannot check other ports or UDP traffic. However, more and more websites and web browsers prefer the QUIC protocol (Quick UDP Internet Connection), which usually uses UDP port 443. The Content Filter therefore cannot check this data traffic, and websites accessed in this way cannot be blocked.

Since the firewall in LCOS follows an implicit allow-all strategy, all data traffic is initially permitted. To prevent data traffic via QUIC and force HTTPS instead, a firewall rule must be created which blocks outgoing data traffic on UDP port 443. Web browsers then automatically fall back to HTTPS.

This article describes how to prevent data transmission via the QUIC protocol by means of a firewall rule, thereby causing a fallback to HTTPS, which the Content Filter is able to check.

Requirements:

Procedure:

1) In LANconfig, open the configuration dialog for the router and go to the menu item Firewall/QoS → IPv4 Rules → Rules.

2) Click the Add button to create a new entry.

3) Enter a descriptive name for the firewall rule (in this example DENY-QUIC-INTERNET).

4) Go to the Actions tab and check that the action object REJECT is in place.

5) Go to the Stations tab, under Connection source select the option connections from the following stations and click Add → LOCALNET.

The stations object LOCALNET includes all of the local networks configured on the router. You can also enter one or more networks instead.

6) Navigate to the Services tab. Under Protocols/target services select the option the following protocols/target services and click Add.

7) Click Create new service object to create a filter object for the QUIC protocol.

8) Enter a descriptive name for the filter object (in this example QUIC).

9) Go to the Services tab, select Custom protocols and click Edit custom protocols.

10) Under IP protocols, select the option UDP and enter port 443 in the Ports field.

11) The firewall rule table should appear as shown below.

12) This concludes the configuration of the firewall rule. You can now write the configuration back to the device.
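Once the rule is active, a packet capture taken upstream of the router should contain no QUIC handshakes on UDP port 443. The following check is an added example, not part of the original article or of LCOS: it recognises QUIC long-header packets (the form every QUIC connection must start with, per RFC 9000) in UDP/443 payloads. The function names and the sample packets are constructed for illustration, and the capture is assumed to be already decoded into (protocol, destination port, payload) tuples.

```python
import struct

# QUIC version numbers from RFC 9000 (v1) and RFC 9369 (v2); 0 = Version Negotiation.
VERSIONS = {0x00000000: "version-negotiation", 0x00000001: "QUICv1", 0x6B3343CF: "QUICv2"}

def parse_quic_long_header(payload: bytes):
    """Return (version, dcid, scid) if payload starts with a QUIC long header, else None."""
    if len(payload) < 7 or not payload[0] & 0x80:    # too short, or header-form bit clear
        return None
    version = struct.unpack("!I", payload[1:5])[0]
    if version != 0 and not payload[0] & 0x40:       # fixed bit expected outside VN packets
        return None
    dcid_len = payload[5]
    scid_off = 6 + dcid_len
    if scid_off >= len(payload):                     # truncated before the SCID length byte
        return None
    end = scid_off + 1 + payload[scid_off]
    if end > len(payload):                           # truncated inside the SCID
        return None
    return version, payload[6:scid_off], payload[scid_off + 1:end]

def quic_past_firewall(packets):
    """packets: (proto, dst_port, payload) tuples captured upstream of the router.

    Returns one version label per QUIC long-header packet seen on UDP/443.
    An empty list is the expected result when the REJECT rule is matching.
    """
    hits = []
    for proto, dst_port, payload in packets:
        if proto != "udp" or dst_port != 443:        # TCP/443 (HTTPS) must keep working
            continue
        hdr = parse_quic_long_header(payload)
        if hdr:
            hits.append(VERSIONS.get(hdr[0], hex(hdr[0])))
    return hits

# Constructed sample packets (not real captures).
QUIC_INITIAL = bytes.fromhex("c3" "00000001" "08" "0102030405060708" "00") + bytes(10)
DTLS_LIKE = bytes.fromhex("16fefd0000000000000000")  # UDP/443 payload that is not QUIC
SAMPLE = [("tcp", 443, b"\x16\x03\x01"), ("udp", 443, DTLS_LIKE),
          ("udp", 53, QUIC_INITIAL), ("udp", 443, QUIC_INITIAL)]

if __name__ == "__main__":
    print(quic_past_firewall(SAMPLE))
```

Short-header (1-RTT) QUIC packets carry no version field and cannot be identified this way, but a connection cannot reach that stage without the long-header handshake packets this check looks for.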