Block rule for alias with 50+ networks
Hello, I have an alias "blacklist" where I put all the networks I don't want to access or be accessed from, so I set up two rules:
WAN: protocol: IPv4 / *, source: alias "blacklist", port: *, destination: any, port: *, everything else: *
and
LAN: protocol: IPv4 / *, source: any, port: *, destination: alias "blacklist", port: *, everything else: *
and put them on top of all rules (except on the LAN, where it is 2nd, after the anti-lockout).
I tried to ping a banned host and still get a ping reply. Can someone help me point out what I am still missing? The blacklist alias has 52 networks inside at the moment.
I have a ping allow rule on the WAN side, but it is after the blacklist deny rule.
Here are the images: WAN and LAN.
TIA, Andrea -
@bly I saw (only now) that on the LAN side I had put 'TCP' instead of 'any' in the protocol. That was the error...
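
The mistake found above, shown with a simplified first-match rule model. This is an added example, not pfSense code and not written by either poster. The alias networks, the target address and the general LAN allow rule are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample alias: documentation ranges stand in for the real 52 networks.
BLACKLIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

@dataclass
class Rule:
    action: str      # "block" or "pass"
    proto: str       # "tcp", "udp", "icmp" or "any"
    dst_alias: list  # destination networks; empty list means "any"
    label: str

def matches(rule, proto, dst):
    """A rule matches only if BOTH the protocol and the destination match."""
    if rule.proto != "any" and rule.proto != proto:
        return False
    if not rule.dst_alias:
        return True
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in rule.dst_alias)

def evaluate(rules, proto, dst):
    """First matching rule wins, top to bottom; no match means default deny."""
    for rule in rules:
        if matches(rule, proto, dst):
            return rule.action, rule.label
    return "block", "default deny"

def lan_rules(block_proto):
    # Order as in the thread: the blacklist block rule sits above everything
    # else (anti-lockout omitted, it only covers the firewall's own GUI ports).
    return [
        Rule("block", block_proto, BLACKLIST, "block to blacklist"),
        Rule("pass", "any", [], "allow LAN to any"),  # assumed general allow rule
    ]

if __name__ == "__main__":
    for block_proto in ("tcp", "any"):
        print(f"--- block rule protocol = {block_proto} ---")
        for proto in ("tcp", "icmp"):
            action, label = evaluate(lan_rules(block_proto), proto, "203.0.113.7")
            print(f"{proto:4} to 203.0.113.7 -> {action} ({label})")
```

With the block rule limited to TCP, the ICMP echo request skips it and is passed by the next matching rule, which is why the ping was still answered.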