Netgate Discussion Forum

    Rule with not is not applying well

    Category: Firewalling
    4 Posts 2 Posters 1.4k Views
    • tbaror

      Hello all,

      I have a firewall that functions as wifi and several switch ports for visitors at my workplace.
      I have created a pass rule that uses NOT to allow access to the internet except for our local LANs' network IPs, for which I created an alias. The issue is that when I try to browse a local LAN IP, I still have access.
      The firewall rule is attached; maybe I missed something, please advise.

      Thanks

      Attachment: not_rule.png

      • jimp (Rebel Alliance Developer, Netgate)

        Are you on 1.2.3? If so, you can't use "not" with an Alias in that way. You can on 2.0. IIRC it was a limitation of pf in the underlying OS used on 1.2.3.

        EDIT: Sorry, saw the tabs when I looked again, you're on 2.0, that should be working.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • jimp (Rebel Alliance Developer, Netgate)

          Though logically it would be easier to read as two separate rules:

          block from <vi> to <those networks>
          pass from <vi> to <any>

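          To make the difference between the two forms concrete, here is an added example that is not code from this thread or from pfSense itself: a small Python model of first-match rule evaluation, comparing a single pass rule with the destination "not" (invert match) flag against the two-rule form above, plus a helper that reports which alias entries contain a given address, which is the first thing to check when one network in an alias behaves differently from the others. The alias networks are constructed RFC 1918 placeholders, since the thread's real addresses are redacted; the Rule class, evaluate() and match_entries() are this example's own names, not a pfSense API.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed placeholder alias: the thread's networks are redacted, so these
# RFC 1918 prefixes stand in for "our local LANs".
LOCAL_LANS = ["192.168.10.0/24", "192.168.20.0/24", "10.0.0.0/8"]


def parse_alias(entries: List[str]) -> List[ipaddress.IPv4Network]:
    """Parse alias entries strictly: a bare host becomes a /32, and an entry
    whose host bits are set under its mask (e.g. 192.168.10.1/24) raises
    ValueError instead of being silently accepted."""
    return [ipaddress.ip_network(e, strict=True) for e in entries]


@dataclass
class Rule:
    action: str                                   # "pass" or "block"
    dst: Optional[List[ipaddress.IPv4Network]]    # None means "any"
    invert: bool = False                          # the destination "not" flag

    def matches(self, ip: ipaddress.IPv4Address) -> bool:
        if self.dst is None:
            return True
        in_set = any(ip in net for net in self.dst)
        return (not in_set) if self.invert else in_set


def evaluate(rules: List[Rule], dst_ip: str, default: str = "block") -> str:
    """First-match evaluation: the first rule whose destination matches wins.
    Traffic matching no rule falls through to the default (deny)."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.matches(ip):
            return rule.action
    return default


def match_entries(alias: List[ipaddress.IPv4Network], dst_ip: str) -> List[str]:
    """Return the alias entries that contain dst_ip. An empty list for an
    address that should be covered points at the alias contents, not the rule."""
    ip = ipaddress.ip_address(dst_ip)
    return [str(net) for net in alias if ip in net]


LANS = parse_alias(LOCAL_LANS)

# Form 1: one pass rule, destination = alias with "not" set.
SINGLE_RULE = [Rule("pass", LANS, invert=True)]

# Form 2: the two-rule version, block to the alias first, then pass to any.
TWO_RULES = [Rule("block", LANS), Rule("pass", None)]

# Hypothetical failure mode for illustration only: an alias entry typed
# without its mask is a single host, so the rest of that LAN is not covered.
HOST_ONLY_ALIAS = parse_alias(["192.168.30.0"])


if __name__ == "__main__":
    for dst in ("192.168.10.5", "10.1.2.3", "8.8.8.8"):
        print(dst, "single:", evaluate(SINGLE_RULE, dst),
              "two-rule:", evaluate(TWO_RULES, dst),
              "alias hits:", match_entries(LANS, dst))
    print("192.168.30.7 against host-only entry:",
          match_entries(HOST_ONLY_ALIAS, "192.168.30.7"))
```

Both forms give the same verdict for every destination; the two-rule form is easier to audit because a hit on the block rule shows up in the firewall log, whereas the single inverted rule simply fails to match and the traffic falls to the default deny. When one LAN in an alias is unexpectedly reachable, run the equivalent of match_entries() against an address in that LAN before touching the rule.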
          • tbaror

            Hi Jimp,

            Thanks for the answer. Yes, I wanted to make two rules in one (access the internet but not the local LANs). I found out that only one LAN is permitted out of all the LANs in the alias list; I don't know why PF is letting communication to this LAN, although I am sure I wrote the CIDR correctly: 21x.14x.23x.0/24. I tested it and saw clearly that the firewall blocks the other LANs. When I created a pass-all rule and disabled the other rule, I could access the other LANs; on the other hand, when I disable both rules I can't access any LANs. So that means something in the alias doesn't work regarding the 21x.14x.23x.0/24 LAN.

            Any idea?
            Thanks
            BTW, the version is 2.0-RC3 (amd64)
            built on Tue Jun 21 23:08:07 EDT 2011

            Attachment: net_rule.PNG

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.