Creating SNAT policies increases the count of firewall rules exponentially. Is there any way around this?

Say I want to filter outbound traffic from LAN to WAN with a bunch of different rules for all hosts, and do a separate SNAT policy for a specific LAN IP address. I create a bunch of outbound rules for the whole network, so I'll have to create another bunch for that specific LAN IP with the SNAT policy. Is there any way around this exponential rule count whenever I want to create another SNAT policy?

For example:
allow DNS from specific-LAN-IP to ISP DNS servers via WAN-alias
allow DNS from LAN to ISP DNS servers via MASQ
allow HTTP+HTTPS from specific-LAN-IP to WAN/Any via WAN-alias
allow HTTP+HTTPS from LAN to WAN/Any via MASQ

and so on.
If there was a separate place for SNAT policies (besides being tied to a specific firewall rule), I could do the specific-LAN-IP to WAN-alias bind once, and then be done with just:
allow DNS from LAN to ISP DNS servers
allow HTTP+HTTPS from LAN to WAN/Any
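As an added illustration (not from this thread or any vendor's product), here is a small Python model of the two designs the question contrasts: SNAT carried on each firewall rule versus a separate SNAT table consulted only after the filter has allowed the packet. It also shows why the coupled form is fragile under first-match evaluation (a broad LAN rule ordered first silently masquerades the special host) and how the rule count grows in each model. The addresses are constructed placeholders, since the post names only "LAN", "specific-LAN-IP", "WAN-alias" and "MASQ".

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# Constructed placeholder addresses: the post names only "LAN", "specific-LAN-IP",
# "WAN-alias" and "MASQ", so these concrete values are assumptions for illustration.
LAN = ip_network("192.168.1.0/24")
SPECIFIC_LAN_IP = ip_network("192.168.1.50/32")  # one host, written as a /32

@dataclass(frozen=True)
class Rule:
    service: str               # e.g. "DNS" or "HTTP+HTTPS"
    src: object                # source network (an ip_network value)
    snat: "str | None" = None  # only meaningful in the coupled model

def coupled_lookup(rules, service, pkt_src):
    """SNAT lives on each firewall rule; first match wins. None = no rule allows it."""
    src = ip_address(pkt_src)
    for r in rules:
        if r.service == service and src in r.src:
            return r.snat
    return None

def decoupled_lookup(filter_rules, snat_bindings, service, pkt_src):
    """Filter decides allow/deny only; a separate SNAT table (most specific binding
    first) picks the translation, and allowed sources with no binding get MASQ."""
    src = ip_address(pkt_src)
    if not any(r.service == service and src in r.src for r in filter_rules):
        return None
    for net, snat in snat_bindings:
        if src in net:
            return snat
    return "MASQ"

# The four coupled rules from the post, most specific first: with first-match
# evaluation, a broad LAN rule placed first would shadow the host and masquerade it.
COUPLED = [
    Rule("DNS", SPECIFIC_LAN_IP, "WAN-alias"),
    Rule("DNS", LAN, "MASQ"),
    Rule("HTTP+HTTPS", SPECIFIC_LAN_IP, "WAN-alias"),
    Rule("HTTP+HTTPS", LAN, "MASQ"),
]
FILTER = [Rule("DNS", LAN), Rule("HTTP+HTTPS", LAN)]  # the two rules the poster wants
SNAT_BINDINGS = [(SPECIFIC_LAN_IP, "WAN-alias")]      # the one SNAT bind, kept apart

def coupled_rule_count(services, special_hosts):
    """Per service: one rule for each special host plus one for the rest of the LAN."""
    return services * (special_hosts + 1)
def decoupled_rule_count(services, special_hosts):
    """One filter rule per service plus one SNAT binding per special host."""
    return services + special_hosts
```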



Hi Matti,

Unfortunately we have the option to create SNAT based on host address, not port, so you may need to create separate rules. We do have an option to add them in a Group of Rules, and the count would be an aggregate of the rules added to that Group.