Rule to public ???
-
Hello,
i've a firewall with 4 interfaces:
LAN
WAN
DMZ
MGMTThe default rule allows traffic to "any". "any" is Internet, DMZ and MGMT. I want only allow Traffic to Internet but not to DMZ, MGMT.
I've created a "pass rule" with destination 0.0.0.0/1. If I test the rule the traffic to internal is possible but to external traffic is impossible.
I'm very confused. What is wrong? On each other firewall "0.0.0.0/1" defines "all unknown networks" or in other words "internet".
How can I create only rule that only has external adresses as desitionation?
Greetings
Thomas -
0.0.0.0/0 is everything
0.0.0.0/1 is only 0.0.0.0 to 127.255.255.255For your problem: create an alias containing all your local subnets you dont want to allow access to.
In the rule use as destination: !alias (NOT the alias) -
Thank you. I know the solution with alias. I've hoped for a better solution because I've more then 20 subnet behind the lan-interface.
Is there a better solution?
-
What is not good about the solution with an alias containing all you private subnets?
