Netgate Discussion Forum
    Asterisk vs explicit net in source field

    joelones

      I'm trying to understand the significance and difference of having an asterisk vs the specific network in the source field for a firewall rule under a specific interface.

      To be more clear, in the screenshot, I'm currently in the VLAN10 tab set of rules. One rule explicitly has VLAN10 as a source and another as an asterisk. But since I'm under the VLAN10 tab and because rules are relative to the interface (incoming) does "*" mean the same as "VLAN10"? When would you use either?
      ![Screen Shot 2018-02-02 at 7.02.32 PM.png](/public/imported_attachments/1/Screen Shot 2018-02-02 at 7.02.32 PM.png)


      Derelict (Netgate)

        LAN net is the subnet of the LAN interface. So if you have LAN numbered as 192.168.1.1/24, LAN net is 192.168.1.0/24

        "*" is any, meaning any source address will match that rule.

        Most prefer to use LAN net because there is no reason to allow traffic in that should not be coming in.

        Unless there is a reason such traffic should be allowed in such as a downstream router with subnets other than 192.168.1.0/24 behind it.

        I don't see anything wrong with that block rule there.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
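To make the difference concrete, here is an added example (not from this thread, and not pfSense's own code) that models first-match evaluation of one interface tab with pfSense's default deny, and runs the same packets through a rule whose source is "VLAN10 net" and one whose source is "*". It assumes VLAN10 is numbered 192.168.10.1/24, so "VLAN10 net" expands to 192.168.10.0/24.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: assume VLAN10 is numbered 192.168.10.1/24, so
# pfSense's "VLAN10 net" alias expands to 192.168.10.0/24.
VLAN10_NET = "192.168.10.0/24"


@dataclass
class Rule:
    action: str       # "pass" or "block"
    source: str       # "*" (any) or a CIDR such as VLAN10_NET
    description: str


def source_matches(rule: Rule, src_ip: str) -> bool:
    """'*' matches every source; a CIDR matches only addresses inside it."""
    if rule.source == "*":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source, strict=False)


def evaluate(rules: list[Rule], src_ip: str) -> str:
    """First-match evaluation of one interface tab; default deny if nothing matches."""
    for rule in rules:
        if source_matches(rule, src_ip):
            return f"{rule.action} ({rule.description})"
    return "block (default deny)"


# Two ways of writing the same "allow VLAN10 hosts out" rule.
EXPLICIT_NET = [Rule("pass", VLAN10_NET, "source VLAN10 net")]
ANY_SOURCE = [Rule("pass", "*", "source *")]


def compare(src_ip: str) -> dict[str, str]:
    """Verdict for the same packet under both rulesets, keyed by ruleset name."""
    return {
        "VLAN10 net": evaluate(EXPLICIT_NET, src_ip),
        "*": evaluate(ANY_SOURCE, src_ip),
    }


if __name__ == "__main__":
    # A normal VLAN10 host, then a host behind a downstream router on VLAN10
    # (or a spoofed/misconfigured address) that is outside 192.168.10.0/24.
    for ip in ("192.168.10.20", "10.0.0.5"):
        print(ip, compare(ip))
```

The second address only passes under the "*" rule; with "VLAN10 net" it falls through to the default deny, which is exactly the case where a downstream router's subnets need either "*" or an explicit alias.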

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.