PassList understanding
-
Hello everyone,
I want to make sure my understanding of how i want my passlist to be implemented is correct.
I have quite a few directly connected networks. There are2x networks (admin networks) that i want exempt from being blocked.
192.168.50.0/24 and 172.17.0.0/24.I created an Alias defining these, created a custom passlist and assigned to an interface.
My intent is that any traffic passing between directly connected networks not mentioned in the alias can be blocked as opposed to the default passlist which wouldnt block any networks on the firewall.
So traffic passing between my DMZ and Server networks will be scanned and if a signature is matched, will block those hosts.
Traffic passing between my DMZ and admin networks will be scanned but no blocking action is done. I think an alert is still triggered tho? Please correct me if im wrong.edit: I have set my PassList to 'none' on my server vlan. I ran the following command to an apache server running on my LAN
curl -A "BlackSun" wpad.example.comThat alert always triggers. It did not in this case. When i ran the same command but to google.com i get a block on the IPs.
Any ideas as to why the blocks arent working on traffic flows between my directly connected networks?Passlist is assigned to Interface
-
I got it all sorted out. Had to restart the interface three times but no inter-vlan traffic will be blocked. I tested this running a nmap scan between networks not in the PassList.
Setting to 'none' is the best option per the maintainer's notes but i just need a bit of flexibility.