Rule with not is not applying well
-
Hello all,
I have a firewall that functions as Wi-Fi and several switch ports for visitors at my workplace.
I have created a pass rule that uses NOT to allow access to the internet except for our local LANs' network IPs, for which I created an alias. The issue is that when I try to browse local LAN IPs, I still have access.
The firewall rule is attached; maybe I missed something, please advise. Thanks
-
Are you on 1.2.3? If so, you can't use "not" with an Alias in that way. You can on 2.0. IIRC it was a limitation of pf in the underlying OS used on 1.2.3.
EDIT: Sorry, saw the tabs when I looked again, you're on 2.0, that should be working.
-
Though logically it would be easier to read as two separate rules:
block from <vi> to <those networks>
pass from <vi> to <any>
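The two forms side by side in pf.conf syntax, as an added illustration that is not part of jimp's post or of pfSense's generated ruleset. The interface name, visitor network and LAN addresses are constructed placeholders; pfSense normally writes aliases out as pf tables, which is what the `<local_lans>` table stands in for here.

```pf
# Constructed example: hypothetical visitor interface, visitor network and local LAN alias
vi_if  = "em2"
vi_net = "10.10.0.0/24"
table <local_lans> { 192.0.2.0/24, 198.51.100.0/24 }

# Single-rule form: pass visitor traffic to anything that is NOT in the alias.
# Works on 2.0 (pf supports "!" on a table); this form was the 1.2.3 limitation.
pass in quick on $vi_if from $vi_net to ! <local_lans>

# Equivalent two-rule form (easier to read and to audit in the rule list).
# "quick" makes the first match win, so the block must come before the pass.
block in quick on $vi_if from $vi_net to <local_lans>
pass  in quick on $vi_if from $vi_net to any

# To check what the firewall actually loaded for the alias (e.g. whether a
# network is missing from it), list the table contents:
#   pfctl -t local_lans -T show
```

If a destination is still reachable with either form, the first thing to compare is the output of `pfctl -t local_lans -T show` against the networks the alias is supposed to contain, since a rule can only block what the loaded table includes.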
-
Hi Jimp,
Thanks for the answer. Yes, I wanted to make two rules in one (access the internet but not local LANs). I found out that only one LAN is permitted from the alias of all LANs; I don't know the reason pf is letting communication to this LAN, although I am sure I wrote the CIDR correctly, 21x.14x.23x.0/24. I did test it and saw clearly that the firewall blocks the other LANs. I created a pass-all rule and disabled the other rule, and I can access the other LANs; on the other hand, when I disable both rules I can't access any LANs, so that means something in the alias doesn't work regarding the 21x.14x.23x.0/24 LAN.
Any idea?
Thanks
btw version is 2.0-RC3 (amd64)
built on Tue Jun 21 23:08:07 EDT 2011