Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Default deny rule IPv4 ignore rules

    Firewalling
    2
    3
    210
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      enricosx
      last edited by enricosx

      i have this error
      Jul 20 08:19:22 LABORATORIOVLAN2 Default deny rule IPv4 (1000000103) 172.16.200.200:38712 8.8.8.8:53 UDP
      but i have a rules
      pass ipv4 source:* port:* destinantion: wan net port:* gateway * queue schedule

      wan ip : public ip 193...../30
      gateway : public ip router isp

      i want only internet , no other vlan or network

      wan : public ip
      vlan2 only this rule
      no floating, no pfblocker or similar
      versione 2.7 community on utm

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @enricosx
        last edited by

        @enricosx
        "WAN net" is only the subnet of the WAN interface settings.

        193...../30

        So just a single IP, which might be the upstream gateway.

        If you want to restrict access to public addresses only, ensure you're using only private network ranges inside your network.

        Create an alias for all private (RFC 1918) IP ranges. I'll call it RFC1918. Add all RFC 1918 networks to it.
        Then use this alias in the pass rule as destination in conjunction with "invert match". So this rule then allows any destinations, but RFC 1918 networks.

        E 1 Reply Last reply Reply Quote 2
        • E
          enricosx @viragomann
          last edited by

          @viragomann "Thank you for the explanation, I thought wan net ip was All public IPs."

          1 Reply Last reply Reply Quote 0
          • First post
            Last post