Asterisk vs explicit net in source field
-
I'm trying to understand the significance and difference of having an asterisk vs the specific network in the source field for a firewall rule under a specific interface.
To be more clear, in the screenshot, I'm currently in the VLAN10 tab set of rules. One rule explicitly has VLAN10 as a source and another as an asterisk. But since I'm under the VLAN10 tab and because rules are relative to the interface (incoming) does "*" mean the same as "VLAN10"? When would you use either?
 -
LAN net is the subnet of the LAN interface. So if you have LAN numbered as 192.168.1.1/24, LAN net is 192.168.1.0/24
* is any meaning any source address will match that rule.
Most prefer to use LAN net because there is no reason to allow traffic in that should not be coming in.
Unless there is a reason such traffic should be allowed in such as a downstream router with subnets other than 192.168.1.0/24 behind it.
I don't see anything wrong with that any block rule there.
