4. Asterisk vs explicit net in source field

Asterisk vs explicit net in source field

  • J

    I'm trying to understand the significance and difference of having an asterisk vs the specific network in the source field for a firewall rule under a specific interface.

    To be more clear, in the screenshot, I'm currently in the VLAN10 tab set of rules. One rule explicitly has VLAN10 as a source and another as an asterisk. But since I'm under the VLAN10 tab and because rules are relative to the interface (incoming) does "*" mean the same as "VLAN10"? When would you use either?
    ![Screen Shot 2018-02-02 at 7.02.32 PM.png](/public/imported_attachments/1/Screen Shot 2018-02-02 at 7.02.32 PM.png)
    ![Screen Shot 2018-02-02 at 7.02.32 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2018-02-02 at 7.02.32 PM.png_thumb)

    0
  • LAYER 8 Netgate

    LAN net is the subnet of the LAN interface. So if you have LAN numbered as 192.168.1.1/24, LAN net is 192.168.1.0/24

    * is any meaning any source address will match that rule.

    Most prefer to use LAN net because there is no reason to allow traffic in that should not be coming in.

    Unless there is a reason such traffic should be allowed in such as a downstream router with subnets other than 192.168.1.0/24 behind it.

    I don't see anything wrong with that any block rule there.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy