Rule to public ???



  • Hello,

    I've a firewall with 4 interfaces:

    LAN
    WAN
    DMZ
    MGMT

    The default rule allows traffic to "any". "any" is Internet, DMZ and MGMT. I only want to allow traffic to the Internet, but not to DMZ and MGMT.

    I've created a "pass rule" with destination 0.0.0.0/1. If I test the rule, traffic to internal is possible but traffic to external is impossible.

    I'm very confused. What is wrong? On every other firewall "0.0.0.0/1" defines "all unknown networks", or in other words "Internet".

    How can I create a rule that only has external addresses as destination?

    Greetings
    Thomas



  • 0.0.0.0/0 is everything
    0.0.0.0/1 is only 0.0.0.0 to 127.255.255.255

    For your problem: create an alias containing all your local subnets you don't want to allow access to.
    In the rule use as destination: !alias (NOT the alias)



  • Thank you. I know the solution with an alias. I've hoped for a better solution because I've more than 20 subnets behind the LAN interface.

    Is there a better solution?



  • What is not good about the solution with an alias containing all your private subnets?

