Rule with inverted source problem

Started by ednt, February 06, 2025, 10:17:47 AM

Hi,

I added a rule where I want to block external access to the 'local' WAN addresses of a CARP system.

It looks like:

Block IPv4 * ! WAN net, LAN net * WAN_LocalAdresses * * *

I thought that then access from WAN net and LAN net is allowed.
But a ping in the shell from 'master' to 'slave' WAN address is then not possible.

It does not work with multiple selected nets.

I had to remove the LAN net to make it work.

Is there a bug in the logic?
Is not the complete result inverted?

Best regards

Not a bug but one might call it a POLA violation with the "invert" checkbox. Use a nested alias so you have only a single object in the rule.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

In my opinion it is a bug.

The functionality is not as written.

Your hint gives a workaround. (Thanks for this)
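The difference between the multi-select inverted source and the nested-alias workaround, as an added example that is not code from the thread or from OPNsense. It assumes the inverted multi-select is evaluated as one negated block rule per selected net (the way pf treats a negated list), while a single nested alias is negated as one object; the networks and addresses are constructed sample values.

```python
import ipaddress

# Constructed sample networks (assumptions, not values from the thread).
WAN_NET = ipaddress.ip_network("203.0.113.0/24")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")


def blocked_per_item(src, nets):
    """Inverted source with several nets, assumed to expand to one block
    rule per net: 'block from ! A' and 'block from ! B'.
    The packet is blocked as soon as ANY of those rules matches."""
    addr = ipaddress.ip_address(src)
    return any(addr not in net for net in nets)


def blocked_single_object(src, nets):
    """Inverted source with ONE nested alias containing all nets:
    'block from ! <A or B>'. Blocked only if the source is in none of them."""
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in nets)


def compare(sources, nets):
    """Return {source: (blocked_per_item, blocked_single_object)}."""
    return {s: (blocked_per_item(s, nets), blocked_single_object(s, nets))
            for s in sources}


# Constructed sources: CARP peer on WAN net, a LAN host, an external host.
SAMPLES = ["203.0.113.2", "192.168.1.10", "198.51.100.7"]

if __name__ == "__main__":
    print(f"{'source':<15} {'per-item !':<12} {'nested alias !'}")
    for src, (per_item, single) in compare(SAMPLES, [WAN_NET, LAN_NET]).items():
        print(f"{src:<15} {'block' if per_item else 'pass':<12} "
              f"{'block' if single else 'pass'}")
    # With only WAN net selected, the per-item form behaves as intended,
    # which matches removing LAN net from the rule.
    print("WAN net only, peer blocked:",
          blocked_per_item("203.0.113.2", [WAN_NET]))
```

Under the per-rule assumption every source is outside at least one of the two nets, so the rule blocks everything; the single nested alias blocks only sources outside both.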