Making a Rule for WAN access ONLY

  • Hi

    I would like to have a rule that allows OPT1->WAN traffic, but doesn't allow OPT1->LAN or OPT1->OPT2.

    So a rule that would be something like
    Proto: Any
    Source: OPT1 subnet
    port: Any
    Destination: WAN only
    Port: Any
    Problem being that in 'destination' I can't select anything that would give me WAN "subnet"

    Right now I solve it by having rules to block traffic from OPT1 to my other internal nets, and then an ALLOW from OPT1 to anything.
    But this is not very elegant IMO

    Is this the only way to do it, or am I missing something?  :)

    Best regards,

  • You're missing the aliases.

    Create one that contains all your undesired subnets and make an "allow all BUT alias" rule for your OPT1 IF.
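
The "allow all BUT alias" rule from the reply above, modelled as an added example that is not part of the thread: it evaluates the single inverted-destination pass rule and reports any internal subnet the alias forgot, which is how this design fails open. The subnets, the alias name `BLOCKED_NETS` and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the thread).
INTERNAL = {
    "LAN":  ipaddress.ip_network("192.168.1.0/24"),
    "OPT1": ipaddress.ip_network("192.168.10.0/24"),
    "OPT2": ipaddress.ip_network("192.168.20.0/24"),
}

# Hypothetical alias: every subnet OPT1 must not reach.
BLOCKED_NETS = [
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("192.168.20.0/24"),
]


def in_alias(addr, alias):
    """True if addr falls inside any network listed in the alias."""
    return any(addr in net for net in alias)


def opt1_rule_allows(src, dst, alias=BLOCKED_NETS):
    """Model of one pass rule on OPT1: source = OPT1 subnet,
    destination = NOT alias. Anything the rule does not match
    falls through to the default deny."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    return src in INTERNAL["OPT1"] and not in_alias(dst, alias)


def uncovered_subnets(alias=BLOCKED_NETS, source_if="OPT1"):
    """Internal subnets (other than the source interface's own) that no
    single alias entry fully covers. The inverted rule would let OPT1
    reach each of them, so the list should be empty."""
    gaps = []
    for name, net in INTERNAL.items():
        if name == source_if:
            continue
        if not any(net.subnet_of(entry) for entry in alias):
            gaps.append(name)
    return gaps


if __name__ == "__main__":
    for dst in ("203.0.113.10", "192.168.1.10", "192.168.20.7"):
        print(dst, "pass" if opt1_rule_allows("192.168.10.5", dst) else "block")
    print("alias gaps:", uncovered_subnets())
```

Rerun the gap check whenever an interface or VLAN is added, since a subnet missing from the alias is treated as "WAN" by this rule.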

