How to handle Automation Rules that should allow WAN Access

Started by sustechnik, January 16, 2024, 11:22:50 AM

Hello,

Does anyone know if there is a way to load automation rules last?
Does anyone know what the parameter "Sequence" in Automation Rules is for?

My Problem:
I want to enable Internet access (to any dst) for single hosts with Automation Rules -> this works, but the rule in Automation is the first that is handled, so no further rules match. That is problematic because my Automation Rule has a specific gateway, so the host can only access "any dst" on WAN but not "any" on my other local networks.
I have "normal" firewall rules that allow access from a Machine network to LAN, but those are in the "normal" section of Firewall Rules.

Specific Example (see Attachment):
Edit: the Image is cut because of the Forum layout - here is the image link: https://imagizer.imageshack.com/img922/3561/07wP4r.png


I need the DNS rule to be before the "Automation Rule", otherwise the clients won't reach the DNS service on OPNsense.

All Ideas are welcome / Thank you / Best Regards

Max


Remove the "Quick" setting in the automation rule. Then the rule will match last.

Or create an Internet alias for all non-private addresses and add it as destination in the rule:

IPv4

!192.0.2.0/24
!198.51.100.0/24
!203.0.113.0/24
!169.254.0.0/16
!10.0.0.0/8
!172.16.0.0/12
!192.168.0.0/16
!0.0.0.0/8
!100.64.0.0/10
!127.0.0.0/8
!192.0.0.0/24
!192.88.99.0/24
!198.18.0.0/15
!233.252.0.0/24
!224.0.0.0/4
!240.0.0.0/4
0.0.0.0/0

IPv6

!2001:db8::/32
!::/0
!::/128
!::1/128
!::ffff:0:0/96
!::ffff:0:0:0/96
!64:ff9b::/96
!64:ff9b:1::/48
!100::/64
!2001:0000::/32
!2001:20::/28
!2002::/16
!fc00::/7
!fe80::/64
2000::/3

Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose
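To make the two suggestions in the reply concrete, here is an added example (not code from either poster and not OPNsense code) that models pf-style rule evaluation as OPNsense applies it: rules are walked top to bottom, a rule marked "quick" ends evaluation at its first match, and otherwise the last matching rule decides. Automation (floating) rules sit above the interface rules. The model then runs the original poster's DNS scenario through three rulesets: the automation rule as posted (quick, destination any), the same rule with "quick" removed, and the rule kept quick but with the IPv4 part of the reply's Internet alias as destination. Network addresses, rule names, the `WAN_GW` gateway name and the treatment of `!` entries as exclusions are assumptions made for the example.

```python
import ipaddress

# Constructed model of OPNsense/pf rule evaluation (not the firewall's own code):
# walk rules in order; a "quick" rule wins on first match, otherwise the last
# matching rule wins. Floating/automation rules are evaluated before interface rules.


def parse_alias(entries):
    """Split an OPNsense-style network alias into (include, exclude) lists.
    Entries prefixed with '!' are treated as exclusions (assumed alias syntax)."""
    include, exclude = [], []
    for entry in entries:
        if entry.startswith("!"):
            exclude.append(ipaddress.ip_network(entry[1:], strict=False))
        else:
            include.append(ipaddress.ip_network(entry, strict=False))
    return include, exclude


def in_alias(addr, alias):
    """Address matches when inside an included network and not inside any excluded one."""
    ip = ipaddress.ip_address(addr)
    include, exclude = alias
    hit = any(ip in net for net in include if net.version == ip.version)
    excluded = any(ip in net for net in exclude if net.version == ip.version)
    return hit and not excluded


# IPv4 part of the "Internet" alias from the reply above.
INTERNET_V4 = parse_alias([
    "!192.0.2.0/24", "!198.51.100.0/24", "!203.0.113.0/24", "!169.254.0.0/16",
    "!10.0.0.0/8", "!172.16.0.0/12", "!192.168.0.0/16", "!0.0.0.0/8",
    "!100.64.0.0/10", "!127.0.0.0/8", "!192.0.0.0/24", "!192.88.99.0/24",
    "!198.18.0.0/15", "!233.252.0.0/24", "!224.0.0.0/4", "!240.0.0.0/4",
    "0.0.0.0/0",
])


class Rule:
    def __init__(self, name, dst, quick, gateway=None, proto=None, dport=None):
        self.name, self.dst, self.quick = name, dst, quick
        self.gateway, self.proto, self.dport = gateway, proto, dport

    def matches(self, pkt):
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.dport and pkt["dport"] != self.dport:
            return False
        if self.dst == "any":
            return True
        if isinstance(self.dst, tuple):  # an alias produced by parse_alias
            return in_alias(pkt["dst"], self.dst)
        return ipaddress.ip_address(pkt["dst"]) in self.dst  # plain ip_network


def evaluate(rules, pkt):
    """Return (deciding rule name, its gateway) or None when nothing matches."""
    decision = None
    for rule in rules:
        if rule.matches(pkt):
            decision = rule
            if rule.quick:
                break  # quick: first match ends evaluation
    return None if decision is None else (decision.name, decision.gateway)


LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # constructed LAN
FW_DNS = "192.168.1.1"                             # constructed firewall DNS address


def ruleset(automation_quick, automation_dst):
    """Automation rule first (as OPNsense orders it), interface rules after (quick by default)."""
    return [
        Rule("Internet via WAN_GW", automation_dst, automation_quick, gateway="WAN_GW"),
        Rule("Allow DNS to firewall", ipaddress.ip_network(FW_DNS + "/32"), True,
             proto="udp", dport=53),
        Rule("Allow Machine net to LAN", LAN_NET, True),
    ]


# Constructed sample traffic; 8.8.8.8 is used only as a public destination.
DNS_QUERY = {"dst": FW_DNS, "proto": "udp", "dport": 53}
WEB_REQUEST = {"dst": "8.8.8.8", "proto": "tcp", "dport": 443}
LAN_REQUEST = {"dst": "192.168.1.50", "proto": "tcp", "dport": 80}

if __name__ == "__main__":
    for label, rules in [("as posted (quick, any)", ruleset(True, "any")),
                         ("quick removed", ruleset(False, "any")),
                         ("quick + Internet alias", ruleset(True, INTERNET_V4))]:
        for name, pkt in [("DNS", DNS_QUERY), ("web", WEB_REQUEST), ("LAN", LAN_REQUEST)]:
            print(f"{label:24s} {name:4s} -> {evaluate(rules, pkt)}")
```

With the rule as posted, the DNS query to the firewall is decided by the automation rule and policy-routed to `WAN_GW`, which is why the clients never reach the DNS service. Dropping "quick" lets the later interface rules override it for local destinations while Internet traffic still ends up on the automation rule as the last match; keeping "quick" but narrowing the destination to the alias means local destinations never match it in the first place.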