Single Exception to "Block Private Networks"



  • As "Block private networks" is set on the WAN interface, I can't access the Modem connected to that interface on 192.168.1.1

    I'd like to add a single exception to the WAN rules specifically allowing traffic to and from 192.168.1.1 BEFORE the "Block private networks" rule so that rule stays in place for every other private IP but this single one.

    Unfortunately I can not move any rule before the "Block Private Networks" rule.

    (I'm having trouble with one of my ADSL lines and just had the tech here and we couldn't access the modem till I realised that traffic was blocked because of this rule. I'd like to add a permanent exception so others can show a tech around without me being present.)

    Any hints?



  • Could you just replace the "Block Private Networks" rule with manual blocking of the private network ranges?

    10.0.0.0/8
    172.16.0.0/12
    192.168.0.0/16

    For IPv4



  • I just left this alone for a while as I didn't need access to the Modem, now I think I will need to open the WAN interface to allow communication between the modem on one side and the LAN interface on the other one.
    My LANs are all in the 10.10.x.x, my Modems are 192.168.x.1, WAN interfaces are 192.168.x.10

    What should the rule on the WAN interface look like to block everything but legit traffic from the LAN to the Modem?

    I tried to block 192.168.0.0/16 & 10.0.0.0/8 on the WAN but still can access the modem.
    My rules are:

    BLOCK - IP4 - 192.168.0.0/16 - * - * - * - * - none
    BLOCK - IP4 - 10.0.0.0/8 - * - * - * - * - none

    But I can still access the Modem connected on WAN.

    (Of course I want to figure out how to block first and then open it just for the modem IP.)
    Thanks



  • So you need to remove the block private address from the WAN interface. Assuming you did this.
    Add an alias for the 3 private networks (172.16.0.0/12, 10.0.0.0/8, 192.168.0.0/16).
    Create a rule in WAN to block from that alias.
    Add a rule above it to allow access to the Modem.
    If you have any rules but the default in LAN, you will need to make sure that you are not restricting outbound.
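
    As an added illustration, not code from the thread, a small Python model of the rule order the last reply describes: inbound WAN rules are evaluated top-down, first match wins, so the allow rule for the modem must sit above the block rule for the private-networks alias. It assumes the modem at 192.168.1.1 and the WAN address 192.168.1.10 (the thread's 192.168.x.1 / 192.168.x.10 pattern); the alias holds the three ranges the earlier reply lists.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values following the thread: modem at 192.168.1.1, WAN side at
# 192.168.1.10, and an alias holding the three RFC 1918 ranges.
MODEM = ipaddress.ip_network("192.168.1.1/32")
WAN_ADDR = ipaddress.ip_network("192.168.1.10/32")
ANY = ipaddress.ip_network("0.0.0.0/0")
PRIVATE_ALIAS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Rule:
    action: str   # "pass" or "block"
    src: list     # list of ip_network objects the source must fall in
    dst: list     # list of ip_network objects the destination must fall in
    name: str = ""


def _hit(nets, addr):
    return any(addr in n for n in nets)


def evaluate(rules, src, dst, default="block"):
    """First-match evaluation of inbound WAN rules: top-down, first match wins,
    anything unmatched falls through to the implicit default block."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if _hit(r.src, s) and _hit(r.dst, d):
            return r.action, r.name
    return default, "implicit default"


# Rule set the last reply describes: the modem allow ABOVE the alias block.
CORRECT = [
    Rule("pass", [MODEM], [WAN_ADDR], "allow modem to WAN address"),
    Rule("block", PRIVATE_ALIAS, [ANY], "block private networks alias"),
]
# Same two rules with the block first: the allow rule can never fire.
WRONG_ORDER = [CORRECT[1], CORRECT[0]]


def modem_reachable(rules):
    return evaluate(rules, "192.168.1.1", "192.168.1.10")[0] == "pass"


if __name__ == "__main__":
    for label, rules in (("correct order", CORRECT), ("block first", WRONG_ORDER)):
        print(label, "modem ->", evaluate(rules, "192.168.1.1", "192.168.1.10"))
        print(label, "other private ->", evaluate(rules, "192.168.5.7", "192.168.1.10"))
```

    The model only covers traffic arriving inbound on WAN; sessions the LAN starts toward the modem are permitted by the LAN rules and tracked by state, which is why the two block rules in the third post did not stop access to the modem.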