Topic: Rule Design (Read 2762 times)
mahescho, January 03, 2019, 10:49:33 am
Hi,
in my setup I've multiple interfaces, VLANs and uplinks. I've a mail relay in a DMZ VLAN. The mail relay receives mails and forwards them to the internal mail server. So I've a rule which allows SMTP from the internet to the mail relay and one to allow SMTP from the mail relay to the internal server. For outgoing mail I've one rule to allow SMTP from the internal mail server to the mail relay. Pretty simple so far.
Now I need a rule which allows the mail relay to send mail to the internet but NOT to any other interfaces or VLANs. See my current SMTP rules attached. The first is the one to allow incoming mails but the second will IMHO allow SMTP to any destination, even to hosts on other interfaces or VLANs.
What is best practice to design a rule or rule set to get this working as expected? An additional real mail relay on the firewall is not an option as I want my mail relay to do the work.
TIA
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
Mks, Reply #1, January 03, 2019, 11:55:20 am
Hi,
create an Alias RFC1918 with all Private Address ranges.
Use this alias with the invert option as destination.
br
mahescho, Reply #2, January 03, 2019, 07:46:58 pm
Thanks, works as expected and I can do something similar with my internal IPv6 nets.
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
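
Added example, not part of the original posts: a Python model of the two destination choices discussed in this thread ("any" versus an inverted RFC1918 alias), plus a check for internal networks that the alias does not contain and that the inverted rule would therefore still allow. The network names and addresses are constructed sample values, and adding fc00::/7 (IPv6 unique local addresses) to the alias is an assumption about how the IPv6 side could be handled.

```python
import ipaddress

# RFC 1918 private ranges: the contents of the alias suggested in reply #1.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: networks behind the firewall's other interfaces/VLANs.
INTERNAL_NETS = {
    "LAN": "192.168.10.0/24",
    "SERVERS": "10.20.0.0/16",
    "GUEST": "172.20.5.0/24",
    "LAN_V6": "fd12:3456:789a:10::/64",  # ULA prefix, outside an IPv4-only alias
}


def in_alias(addr, alias):
    """True if addr falls inside any network of the alias (same IP version)."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in alias)


def smtp_allowed(dst, alias, invert=True):
    """Model 'pass SMTP from relay to [!]alias'; alias=None means 'any'."""
    if alias is None:
        return True
    return in_alias(dst, alias) != invert


def uncovered(internal, alias):
    """Names of internal networks not fully contained in the alias, i.e.
    destinations that a pass rule with the inverted alias still allows."""
    missing = []
    for name, cidr in internal.items():
        net = ipaddress.ip_network(cidr)
        if not any(net.version == a.version and net.subnet_of(a) for a in alias):
            missing.append(name)
    return missing


if __name__ == "__main__":
    for dst in ("192.168.10.5", "10.20.1.1", "203.0.113.25"):
        print(dst, "| any:", smtp_allowed(dst, None),
              "| !RFC1918:", smtp_allowed(dst, RFC1918))
    print("not covered by alias:", uncovered(INTERNAL_NETS, RFC1918))
    with_ula = RFC1918 + [ipaddress.ip_network("fc00::/7")]
    print("after adding fc00::/7:", uncovered(INTERNAL_NETS, with_ula))
```

Any internal network that uses addresses outside the alias (IPv6 prefixes, or public IPv4 space routed to a VLAN) has to be added to the alias before the inverted rule keeps the relay away from it.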