Messages - joebb

#1
Got it, that all makes sense. Thanks for the answers!
#2
Hi Patrick,

Thanks for the answer.

Ok, I think I understand.

So for interface rules, when using Source Address = *, it is basically the same as Source Address = Interface net? I'm curious if a client can fake its source address and bypass the Source Address = * rule. They obviously wouldn't be able to see replies, but some DDoS attacks are based on setting a source IP address to a different machine's IP so that they get spammed.
#3
Hi there,

I did my best to find an answer to this question, so apologies if it's been asked before. I also read the guide on Rules on the docs page.

Let's say I have two interfaces, A and B, on distinct non-overlapping subnets, each with their own Interface rules (no rule groups or anything like that).

And let's say all of A's interface rules start with Source = A net. And let's say B's interface rules also say Source = A net.

If I send traffic from A to B, and none of A's rules match, yet one of B's rules matches, does B's matching rule get run at all? What about if B's rule says Source = *?

Thanks in advance!