One Rule to allow IN/OUT of an IP address?
-
Hello. I wanna know how to do a Firewall Rule that allows EVERYTHING IN/OUT on a single IP (On WAN)
Rule:
→ Everything that comes from IP X.X.X.X is ALLOWED
→ Everything that goes to IP X.X.X.X is ALLOWED.
-
@raulchiarella You technically don't do it all like that.
You can set the first instance (everything that comes from IP address is allowed) with a simple rule on your WAN interface. Make a new WAN rule and set it up like this:
Action: Pass
Interface: WAN
Address Family: IPv4
Protocol: any
Source: single host or alias (add the external IP address here)
Destination: single host or alias (add the internal IP address here)
Destination port range: If it's a specific program or traffic and you know the port, you can add that here. This can also be left blank.
Description: give it a good name here
The external IP address is the machine out on the internet (or other network) where you are trying to come in from. The internal IP address is the machine on the inside of your network that you're trying to get to.
As for the "don't do it like that" comment: you don't have to add the "everything that goes to IP address" part. That's built into the same WAN rule from above.
-
Of course, if you are NATing between WAN and LAN (most SOHO installs), adding a rule like that will only allow traffic to reach services on the firewall itself. You would need inbound NAT rules to reach anything behind the firewall.
Steve
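-
Added example, not part of either reply above: a toy Python model of the two points made in the thread, that return traffic is covered by the state the WAN pass rule creates, and that with NAT the rule alone only reaches the firewall until an inbound NAT entry exists. The `Firewall` class, the addresses, port 443 and the "NAT is applied before the rules" ordering are assumptions made for illustration.

```python
# Toy model (added example): stateful filter, rules checked on the ingress interface,
# inbound NAT applied before the rules (assumption). All addresses are constructed.
from dataclasses import dataclass, field

REMOTE, OTHER = "203.0.113.10", "203.0.113.99"   # hosts out on the internet
WAN_IP, LAN_HOST = "198.51.100.1", "192.168.1.50"

@dataclass
class Firewall:
    rules: dict                                    # iface -> [(src, dst)], "any" = wildcard
    forwards: dict = field(default_factory=dict)   # (wan_ip, port) -> internal host
    states: set = field(default_factory=set)       # flows already allowed

    def handle(self, iface, src, dst, port):
        """Return (verdict, final_dst) for one packet arriving on iface."""
        if iface == "wan":                         # inbound NAT rewrites the destination
            dst = self.forwards.get((dst, port), dst)
        if (src, dst, port) in self.states or (dst, src, port) in self.states:
            return "state", dst                    # same flow or its reply: no rule lookup
        for r_src, r_dst in self.rules.get(iface, []):
            if r_src in ("any", src) and r_dst in ("any", dst):
                self.states.add((src, dst, port))  # remember the flow for return traffic
                return "rule", dst
        return "block", dst                        # default deny

def wan_rule_only():
    """Pass rule for REMOTE on WAN, no inbound NAT: traffic stops at the firewall."""
    fw = Firewall(rules={"wan": [(REMOTE, "any")], "lan": []})
    return fw.handle("wan", REMOTE, WAN_IP, 443)

def wan_rule_with_forward():
    """Same rule plus an inbound NAT entry for port 443 to LAN_HOST."""
    fw = Firewall(rules={"wan": [(REMOTE, "any")], "lan": []},
                  forwards={(WAN_IP, 443): LAN_HOST})
    inbound = fw.handle("wan", REMOTE, WAN_IP, 443)
    reply = fw.handle("lan", LAN_HOST, REMOTE, 443)   # no LAN rule exists
    stranger = fw.handle("wan", OTHER, WAN_IP, 443)
    return inbound, reply, stranger

if __name__ == "__main__":
    print(wan_rule_only())
    print(wan_rule_with_forward())
```

The reply from the LAN host passes with an empty LAN rule list because it matches the state created on WAN, while a different source address is still dropped by the default deny.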