Hi,
I added a rule where I want to block external access to the 'local' WAN addresses of a CARP system.
It looks like:
Block IPv4 * ! WAN net, LAN net * WAN_LocalAdresses * * *
I thought that then access from WAN net and LAN net is allowed.
But a ping in the shell from 'master' to 'slave' WAN address is then not possible.
It does not work with multiple selected nets.
I had to remove the LAN net to make it work.
Is there a bug in the logic?
Isn't the complete result inverted?
Best regards
Not a bug but one might call it a POLA violation with the "invert" checkbox. Use a nested alias so you have only a single object in the rule.
In my opinion it is a bug.
The functionality is not as written.
Your hint gives a workaround. (Thanks for this)
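
An added illustration, not part of the thread and not the firewall's own code, of why the nested alias suggested above behaves differently from two nets selected with "invert". It assumes the inverted multi-selection is evaluated as one negated match per selected net, which the thread does not confirm; all addresses and names are constructed.

```python
import ipaddress

# Constructed sample networks standing in for "WAN net" and "LAN net".
WAN_NET = ipaddress.ip_network("203.0.113.0/24")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
ALLOWED = [WAN_NET, LAN_NET]

# Constructed sample sources.
SOURCES = {
    "carp_master_wan": "203.0.113.2",
    "lan_host": "192.168.1.10",
    "external_host": "198.51.100.7",
}


def blocked_per_item(src, nets):
    """Assumed model of invert + multiple nets: every net is negated on
    its own and the entries are OR-ed, so the block rule matches when
    the source is outside ANY one of the nets."""
    addr = ipaddress.ip_address(src)
    return any(addr not in net for net in nets)


def blocked_single_object(src, nets):
    """Nested alias: the nets form one object that is negated once, so
    the block rule matches only when the source is outside ALL nets."""
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in nets)


def compare(sources=SOURCES, nets=ALLOWED):
    """Return {name: (blocked_per_item, blocked_single_object)}."""
    return {
        name: (blocked_per_item(ip, nets), blocked_single_object(ip, nets))
        for name, ip in sources.items()
    }


if __name__ == "__main__":
    for name, (per_item, single) in compare().items():
        print(f"{name:16} per-item negation: {'block' if per_item else 'pass '}"
              f"  single alias: {'block' if single else 'pass'}")
```

Under that assumption no address can sit inside both nets at once, so the per-item form blocks every source, while a single selected net or a single nested alias gives the intended result.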