Re: How to block IP address from outbound Internet connections.
The idea is to use an access list to block outgoing traffic and to bind this access list to the inside interface. In the following example I allow users to use their browsers, i.e. port 80, but also to browse websites using SSL (port 443). All other traffic (e.g. telnet, FTP) is blocked.
access-list user_punishment permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list user_punishment permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list user_punishment deny ip any any
access-group user_punishment in interface inside
The 3rd item in the access list is not needed, but it helps in understanding the process.
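An added example, not part of the original post: a small Python model of first-match ACL evaluation, run over the three entries above to show which line decides each flow and that removing line 3 leaves the verdicts unchanged because of the implicit deny. The sample flows and their addresses are constructed; note that the UDP/53 flow (a DNS lookup to an outside resolver) is denied as well.

```python
import ipaddress

# The ACL from the post above, verbatim (network followed by subnet mask).
ACL = """\
access-list user_punishment permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list user_punishment permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list user_punishment deny ip any any
"""

PORT_NAMES = {"www": 80}  # the only named port used in this ACL


def parse_ace(line):
    """Parse one 'access-list NAME ACTION PROTO SRC DST [eq PORT]' entry."""
    tok = line.split()[2:]          # drop 'access-list' and the ACL name
    action, proto = tok[0], tok[1]
    rest = tok[2:]

    def take_net():
        # 'any' is one token; otherwise consume address and mask.
        if rest[0] == "any":
            rest.pop(0)
            return ipaddress.ip_network("0.0.0.0/0")
        addr, mask = rest.pop(0), rest.pop(0)
        return ipaddress.ip_network(f"{addr}/{mask}")

    src, dst = take_net(), take_net()
    port = None
    if rest and rest[0] == "eq":
        port = PORT_NAMES.get(rest[1]) or int(rest[1])
    return action, proto, src, dst, port


def evaluate(entries, proto, src_ip, dst_ip, dport):
    """First match wins; a packet matching no entry hits the implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for n, (action, p, src, dst, port) in enumerate(entries, 1):
        if p not in ("ip", proto):
            continue
        if src_ip in src and dst_ip in dst and port in (None, dport):
            return action, f"line {n}"
    return "deny", "implicit"


ENTRIES = [parse_ace(l) for l in ACL.splitlines()]
# Constructed sample flows (documentation addresses), not taken from the post.
FLOWS = [("tcp", "192.168.1.25", "203.0.113.10", 80),
         ("tcp", "192.168.1.25", "203.0.113.10", 443),
         ("tcp", "192.168.1.25", "203.0.113.10", 23),
         ("udp", "192.168.1.25", "203.0.113.53", 53)]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, "->", evaluate(ENTRIES, *f), "| without line 3:", evaluate(ENTRIES[:2], *f)[0])
```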
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...