Rule with not is not applying well

  • Hello all,

    I have a firewall that functions as Wi-Fi and several switch ports for visitors at my workplace.
    I have created a pass rule using NOT to allow access to the internet except our local LAN networks' IPs, for which I created an alias. The issue is that when I try to browse a local LAN IP, I still have access.
    The firewall rule is attached below; maybe I missed something, please advise.


  • Rebel Alliance Developer Netgate

    Are you on 1.2.3? If so, you can't use "not" with an Alias in that way. You can on 2.0. IIRC it was a limitation of pf in the underlying OS used on 1.2.3.

    EDIT: Sorry, saw the tabs when I looked again, you're on 2.0, that should be working.

  • Rebel Alliance Developer Netgate

    Though logically it would be easier to read as two separate rules:

    block from <vi> to <those networks>
    pass from <vi> to <any>
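As an added example (not code from the thread or from Netgate), here is how the single "NOT alias" rule and the two-rule form look in pf.conf syntax, the ruleset language underneath pfSense. The interface name, the table name and the addresses are assumptions:

```pf
# Added example, not from the thread: the visitor policy in pf.conf syntax.
# Assumed names: "vis" is the visitor interface, "local_lans" is the alias
# (a pf table) of internal networks; the addresses are constructed placeholders.

vis = "em2"

# Every internal network visitors must not reach. pfSense builds this table
# from the alias; what actually got loaded is shown by: pfctl -t local_lans -T show
table <local_lans> { 10.0.10.0/24, 10.0.20.0/24, 192.168.50.0/24 }

# Form 1: a single rule with negation, the equivalent of the GUI's "NOT" checkbox.
# A packet whose destination is in the table does not match this rule at all,
# so it falls through to pfSense's default block.
pass in quick on $vis from $vis:network to ! <local_lans> keep state

# Form 2: the same policy as two rules, easier to read and to audit later.
# "quick" stops evaluation at the first matching rule, so the block must be
# listed before the pass. Use one form or the other, not both.
block in quick on $vis from $vis:network to <local_lans>
pass in quick on $vis from $vis:network to any keep state
```

When one network in the alias is unexpectedly reachable, the first check is to compare the alias as written with the table pf actually loaded (`pfctl -t local_lans -T show`) and the parsed rules (`pfctl -sr`); a network missing from the loaded table, or a rule ordered after a broader pass, will produce exactly that symptom.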

  • Hi Jimp,

    Thanks for the answer. Yes, I wanted to make two rules in one (access the internet but not the local LANs). I found out that only one LAN is permitted from the all-LANs list alias; I don't know the reason PF is letting communication to this LAN, although I am sure I wrote the CIDR correctly: 21x.14x.23x.0/24. I tested it and saw clearly that the firewall blocks the other LANs. I created a pass-all rule and disabled the other rule, and I could access the other LANs; on the other hand, when I disabled both rules I couldn't access any LANs. So that means something in the alias doesn't work regarding the 21x.14x.23x.0/24 LAN.

    Any idea?
    btw version is 2.0-RC3 (amd64)
    built on Tue Jun 21 23:08:07 EDT 2011