    Block rule for alias with 50+ networks

    • Bly

      Hello, I have an alias "blacklist" where I put all networks I don't want to access or be accessed from, so I set up two rules:
      WAN: protocol: IPv4 / *, source: alias "blacklist", port *, destination: any, port *, everything else: *
      and
      LAN: protocol: IPv4 / *, source: any, port *, destination: alias "blacklist", port *, everything else: *

      and put them at the top of all rules (except the LAN one, which is 2nd, after the anti-lockout rule).

      I tried to ping a banned host and still get a ping reply. Can someone help me point out what I am still missing? The blacklist alias has 52 networks inside at the moment.

      I have a ping allow rule on the WAN side, but it is after the blacklist deny rule.
      Here are the images:
      WAN [screenshot]
      and LAN [screenshot]
      TIA, Andrea

      • Bly @Bly

        @bly I only now saw that on the LAN side I put 'TCP' instead of 'any' in the protocol. That was the error...

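The failure mode found in this thread, as an added example that is not from the thread or from pfSense itself: a small first-match rule evaluator in Python that walks the poster's LAN ruleset (anti-lockout, blacklist block, stock default allow) and shows why a block rule limited to TCP lets an ICMP ping through to a blacklisted network, while the same rule with protocol "any" blocks it. The three-network alias, the 192.168.1.0/24 LAN and the firewall address 192.168.1.1 are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

ANY = "any"  # wildcard for the protocol, source and destination fields

# Constructed stand-in for the poster's "blacklist" alias (3 networks here, 52 on the page)
BLACKLIST = [ipaddress.ip_network(n) for n in
             ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
LAN_NET = [ipaddress.ip_network("192.168.1.0/24")]      # assumed LAN subnet
LAN_ADDRESS = [ipaddress.ip_network("192.168.1.1/32")]  # assumed firewall LAN address

@dataclass
class Rule:
    action: str   # "pass" or "block"
    proto: str    # "tcp", "udp", "icmp" or ANY
    src: object   # list of ip_network objects (an alias), or ANY
    dst: object   # list of ip_network objects (an alias), or ANY
    label: str = ""

def _addr_matches(alias, addr):
    return alias == ANY or any(ipaddress.ip_address(addr) in net for net in alias)

def evaluate(rules, proto, src, dst):
    """First-match evaluation, as pfSense applies interface rules (they are
    'quick' rules); when nothing matches the implicit default deny applies."""
    for rule in rules:
        if (rule.proto in (ANY, proto) and _addr_matches(rule.src, src)
                and _addr_matches(rule.dst, dst)):
            return rule.action, rule.label
    return "block", "default deny"

def lan_ruleset(blacklist_proto):
    """LAN rules in the poster's order: anti-lockout, blacklist block,
    then the stock 'Default allow LAN to any' rule."""
    return [
        Rule("pass", ANY, LAN_NET, LAN_ADDRESS, "anti-lockout"),
        Rule("block", blacklist_proto, ANY, BLACKLIST, "block blacklist"),
        Rule("pass", ANY, LAN_NET, ANY, "default allow LAN to any"),
    ]

def ping_verdict(blacklist_proto, target="203.0.113.5"):
    """Verdict for an ICMP echo from a LAN host to a blacklisted address."""
    return evaluate(lan_ruleset(blacklist_proto), "icmp", "192.168.1.10", target)

if __name__ == "__main__":
    print("blacklist rule proto=tcp:", ping_verdict("tcp"))  # falls through to default allow
    print("blacklist rule proto=any:", ping_verdict(ANY))    # blocked by the blacklist rule
```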
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.