Negation in packet filter

Quick question:

Will it be possible to negate networks and services in future releases?

I.e.:

Allow everything to dmz from all networks EXCEPT internal_net.

I sure hope so.

- Nille


  • Hello Nille.

    Your example:
    Allow everything to dmz from all networks EXCEPT internal_net.

    This is already possible. You have to define 2 Rules in PacketFilter.
    1. From internal_net Service Any To dmz Action Drop
    2. From Any Service Any To dmz Action Allow

    Kerim
  • I realize that it's possible. It just looks messy with so many rules when one should be able to suffice. This is a common feature among other firewalls.
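
The two-rule workaround only matches the single "EXCEPT internal_net" rule when the Drop rule is evaluated first. The following added example (not part of the original thread and not Sophos code) checks that, assuming first-match rule evaluation with a default drop; the address ranges and sample packets are constructed placeholders.

```python
from ipaddress import ip_address, ip_network

# Constructed address ranges standing in for the thread's network definitions.
INTERNAL_NET = ip_network("192.168.1.0/24")
DMZ = ip_network("10.0.0.0/24")
ANY = ip_network("0.0.0.0/0")

# The two rules from the reply, in order: (source, destination, action). Service is Any.
TWO_RULES = [
    (INTERNAL_NET, DMZ, "drop"),
    (ANY, DMZ, "allow"),
]

def first_match(rules, src, dst, default="drop"):
    """Return the action of the first matching rule (assumption: first match wins, default drop)."""
    src, dst = ip_address(src), ip_address(dst)
    for rule_src, rule_dst, action in rules:
        if src in rule_src and dst in rule_dst:
            return action
    return default

def negated_rule(src, dst, default="drop"):
    """The single rule asked for: allow to dmz from any source NOT in internal_net."""
    src, dst = ip_address(src), ip_address(dst)
    if dst in DMZ and src not in INTERNAL_NET:
        return "allow"
    return default

def disagreements(rules, samples):
    """List the sample (src, dst) pairs where the rule list and the negated rule differ."""
    return [(s, d) for s, d in samples if first_match(rules, s, d) != negated_rule(s, d)]

# Constructed sample traffic: internal host, external host, neighbour of internal_net,
# last address of internal_net, and a destination outside the dmz.
SAMPLES = [
    ("192.168.1.10", "10.0.0.5"),
    ("203.0.113.7", "10.0.0.5"),
    ("192.168.2.1", "10.0.0.5"),
    ("192.168.1.255", "10.0.0.80"),
    ("203.0.113.7", "172.16.0.1"),
]

if __name__ == "__main__":
    print("ordered as posted:", disagreements(TWO_RULES, SAMPLES))
    print("order reversed:   ", disagreements(TWO_RULES[::-1], SAMPLES))
```

With the rules reversed, the broad Allow shadows the Drop and internal_net reaches the dmz, which is the misordering to look for when reviewing a rule set built this way.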