RFC1918 Outbound Recipe
-
Following this page, I created the floating rule to stop outbound traffic destined for private networks.
It worked as expected; I could no longer reach the GUI on my AT&T ONT.
Next step: add a pass rule above the reject rule for the IP of said ONT so I could access it again.
Here's the wrinkle. With just the reject rule, I get the expected result of an immediately dropped connection.
With the pass rule above it, it acts the same as a block rule in place; it spins until I get a timeout.
Same when I disable the reject rule. When I disable both, I'm back to having access to the ONT.
Question is, what's wrong with my pass rule?
-
Okay, changed the interface to ANY, and it worked.
But why?
-
-
@Bob-Dig
Yes, that worked like a charm.
It's funny, I read through your post a few days ago for some light reading but didn't associate your solution with mine.
I definitely need a lot more study with this new OS.
-
You do have Quick enabled on this rule, right? Just checking. I have a similar rule and I don't think you should need to disable reply-to to make it work, but I could be missing something (I have nothing that I need to access the GUI on behind this, so I don't have a similar pass rule, just a reject rule).
-
@tknospdr said in RFC1918 Outbound Recipe:
It's funny, I read through your post a few days ago for some light reading but didn't associate your solution with mine.
Sideways we had an excursion about asymmetric routing that was worthwhile but also had nothing to do with the problem.
@planedrop said in RFC1918 Outbound Recipe:
You do have Quick enabled on this rule right?
You can easily see that in the above screenshot.
-
Yes, I actually tried turning that off during testing but that just gave me an immediate reject, so I turned it back on.
-
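The thread turns on two pf properties: a rule bound to a specific interface only sees traffic on that interface (a floating rule set to "any" sees all of it), and evaluation is last-match-wins unless a matching rule carries Quick, which stops evaluation immediately. The following is an added, simplified stateless model of that evaluation order, not OPNsense or pf code; the ONT address and the interface names are constructed placeholders. It reproduces the "immediate reject" seen with Quick unticked on the pass rule and the working "pass quick on any" layout; it says nothing about states or reply-to, so it does not model the timeout discussed above.

```python
"""Simplified model of pf-style rule evaluation (added example, not OPNsense/pf code).

Two behaviours are modelled:
  * rules are evaluated top to bottom and the LAST matching rule decides,
    unless a matching rule carries `quick`, which ends evaluation at once;
  * a rule bound to an interface only sees traffic on that interface,
    while `any` (a floating rule with no interface) sees all of it.
All addresses and interface names below are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Tuple

# RFC1918 private ranges, the destinations the reject rule covers.
RFC1918 = tuple(ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))
ONT_IP = ip_network("192.168.1.254/32")  # constructed placeholder for the ONT's address


@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "reject"
    quick: bool          # the Quick checkbox in the GUI
    interface: str       # "any" (floating, no interface) or an interface name
    dests: Tuple         # destination networks the rule matches

    def matches(self, iface: str, dst: str) -> bool:
        # An interface-bound rule never sees packets on another interface.
        if self.interface != "any" and self.interface != iface:
            return False
        return any(ip_address(dst) in net for net in self.dests)


def evaluate(rules, iface: str, dst: str, default: str = "pass") -> str:
    """Return the action taken for a packet leaving `iface` toward `dst`."""
    decision = default
    for rule in rules:
        if rule.matches(iface, dst):
            decision = rule.action
            if rule.quick:
                break  # quick: this match is final, stop evaluating
    return decision


# The reject rule from the recipe: quick, floating on any, all RFC1918 destinations.
REJECT_PRIVATE = Rule("reject", True, "any", RFC1918)


def pass_quick_any(dst: str) -> str:
    """Layout that worked: pass quick on 'any' to the ONT, placed above the reject."""
    return evaluate([Rule("pass", True, "any", (ONT_IP,)), REJECT_PRIVATE], "wan", dst)


def pass_not_quick(dst: str) -> str:
    """Quick unticked on the pass rule: the later quick reject still decides."""
    return evaluate([Rule("pass", False, "any", (ONT_IP,)), REJECT_PRIVATE], "wan", dst)


def pass_quick_bound_elsewhere(dst: str) -> str:
    """Pass rule bound to an interface the packet never crosses: it cannot match."""
    return evaluate([Rule("pass", True, "lan", (ONT_IP,)), REJECT_PRIVATE], "wan", dst)


if __name__ == "__main__":
    for name, fn in (("pass quick any", pass_quick_any),
                     ("pass not quick", pass_not_quick),
                     ("pass bound to lan", pass_quick_bound_elsewhere)):
        print(f"{name:18} ONT -> {fn('192.168.1.254'):6} "
              f"other private -> {fn('192.168.1.1'):6} internet -> {fn('8.8.8.8')}")
```

Reading the three functions side by side shows why the ordering alone is not enough: the pass rule must both match the traffic (hence "any" for a floating rule) and be Quick, otherwise the Quick reject below it gets the final word.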