Netgate Discussion Forum

    Default deny rule IPv4 ignore rules

      enricosx

      I have this error
      Jul 20 08:19:22 LABORATORIOVLAN2 Default deny rule IPv4 (1000000103) 172.16.200.200:38712 8.8.8.8:53 UDP
      but I have a rule
      pass ipv4 source:* port:* destination: wan net port:* gateway * queue schedule

      wan ip : public ip 193...../30
      gateway : public ip router isp

      I want only internet, no other VLAN or network

      wan : public ip
      vlan2 only this rule
      no floating, no pfblocker or similar
      version 2.7 community on UTM

        viragomann @enricosx

        @enricosx
        "WAN net" is only the subnet of the WAN interface settings.

        193...../30

        So just a single IP, which might be the upstream gateway.

        If you want to restrict access to public addresses only, ensure you're using only private network ranges inside your network.

        Create an alias for all private (RFC 1918) IP ranges. I'll call it RFC1918. Add all RFC 1918 networks to it.
        Then use this alias in the pass rule as destination in conjunction with "invert match". So this rule then allows any destination but RFC 1918 networks.

          enricosx @viragomann

          @viragomann Thank you for the explanation, I thought WAN net IP was all public IPs.
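
Added example, not part of the original thread and not pfSense code: a simplified Python model of first-match rule evaluation, showing why the logged packet to 8.8.8.8 falls through to the default deny when the destination is "WAN net" and passes with the inverted RFC1918 alias suggested in the answer above. The WAN subnet 203.0.113.0/30 is a constructed placeholder for the elided address, and the rule dictionaries and function names are hypothetical.

```python
import ipaddress

# Constructed placeholder: the thread elides the real WAN subnet ("193...../30"),
# so a documentation range stands in for it here.
WAN_NET = ipaddress.ip_network("203.0.113.0/30")

# The alias suggested in the answer: all RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def dest_matches(rule, dst):
    """True if dst falls in the rule's destination networks (honouring invert)."""
    hit = any(dst in net for net in rule["dest"])
    return not hit if rule.get("invert") else hit


def evaluate(rules, dst):
    """First matching pass rule wins; otherwise the implicit default deny applies."""
    dst = ipaddress.ip_address(dst)
    for rule in rules:
        if dest_matches(rule, dst):
            return "pass: " + rule["name"]
    return "block: Default deny rule IPv4"


# Rule set from the question: destination "WAN net" (source and ports are "any").
ORIGINAL = [{"name": "to WAN net", "dest": [WAN_NET]}]
# Rule set from the answer: destination RFC1918 alias with "invert match".
SUGGESTED = [{"name": "to !RFC1918", "dest": RFC1918, "invert": True}]

if __name__ == "__main__":
    # 8.8.8.8 is the destination from the logged packet; the others are constructed.
    for dst in ("8.8.8.8", "203.0.113.1", "172.16.100.10", "192.168.1.1"):
        print(f"{dst:15} original={evaluate(ORIGINAL, dst)!r:35} "
              f"suggested={evaluate(SUGGESTED, dst)!r}")
```

Because the inverted rule blocks every RFC 1918 destination, a client on the VLAN that uses a private address (for example the firewall's own VLAN interface) for DNS needs a separate pass rule placed above it.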

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.