2.0.3: Single rule allowing only external traffic?
Hi all,
Is there any simple way to create a single rule for allowing traffic from the local subnets only to the Internet? I have about 10 interfaces and am often adding/removing several temporary subnets. I'd like to have one rule allowing users from all local subnets to initiate connections to the Internet, but I want to block communication between nearly all local subnets without creating a dedicated rule for each combination I want to block.
Is there any dynamic list of local subnets I can use to block traffic to? Or do I have to create a block rule for each combination of local subnets I do not want to communicate with each other?
Hopefully my question is clear ;)
Thanks!
-tt-
I would try this (someone should confirm):
Create an alias for all RFC1918 subnets.
Add a single rule in the floating table:
allow all from rfc1918_alias to !rfc1918_alias
and select all your LAN interfaces in that rule.
Create another alias with all the subnets that are allowed to communicate.
Above the rule given above add this rule:
allow any from allowedLANS_alias to allowedLANS_alias
again, select all the LAN interfaces in that rule.
;)
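The two-rule scheme from the reply above, written out as the pf.conf rules that pfSense generates from such aliases and floating rules (added example, not from the thread or the pfSense project; the interface names and the allowed-LAN subnets are assumptions):

```pf
# Added example: alias-based "one rule to the Internet" scheme in pf syntax.
# Interface names and the allowed-LAN subnets below are assumed values.

# Alias 1: every RFC 1918 range, so any new temporary subnet is covered
# without touching the rule set.
table <rfc1918> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Alias 2: only the LANs that may talk to each other (assumed subnets).
table <allowed_lans> { 192.168.10.0/24, 192.168.20.0/24 }

# LAN-side interfaces (assumed); a floating rule can select several at once.
lans = "{ em1 em2 em3 }"

# Default deny, so any LAN-to-LAN traffic not matched below is dropped.
block log all

# Rule placed ABOVE the Internet rule, as the reply says: allowed LANs
# may reach each other. "quick" = first match wins (pfSense floating
# rules only behave this way when "Quick" is ticked).
pass in quick on $lans from <allowed_lans> to <allowed_lans> keep state

# The single Internet rule: any private source may initiate to any
# non-private destination. LAN-to-LAN traffic is NOT matched here
# (destination is inside <rfc1918>) and falls through to "block log all".
pass in quick on $lans from <rfc1918> to !<rfc1918> keep state

# Caveat: the firewall's own LAN addresses are inside <rfc1918>, so with
# only these rules clients cannot reach the firewall for DNS or NTP;
# pfSense's anti-lockout rule covers the LAN interface only, so add a
# rule to the firewall's address on the other interfaces if needed.
```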
Thanks, senser!
I've already tried the first way you mentioned - it seems to be working, but I was wondering if there is some more "systemic" way… :)