Newbie question - how do you create a Network Definition that covers all traffic coming in on the external interface only? On other firewalls I've used, something along the lines of "External Network" usually covers this, but as I understand it on the Astaro, this only covers the external address subnet, not the internet as a whole. I can see that the "Any" definition is OK for most rules, but are there not occasions when you'd only want a rule to apply to traffic coming in from the external NIC, and not affect internal routing? It's probably obvious, so apologies in advance.
> I can see that the "Any" definition is OK for most rules but are there not occasions when you'd only want a rule to apply to traffic coming in from the external NIC, and not affect internal routing?

Using "Any" (0.0.0.0) for the traffic coming in through the WAN interface will cover all traffic from the Internet. Internal routing is not affected by this. You can create separate filter rules for the traffic you wish to allow to pass between the DMZ network and the Internal network, as an example.
The key issue you need to pay attention to in the creation of packet filter rules is the order of the rules, since the allow or drop filtering action will be done by the first rule that matches the port and IP addressing in the packet header.
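To make the first-match point concrete, here is an added example that is not part of this thread and not Astaro's own code: a small Python model of a first-match packet filter. The network names, addresses and rule names (INTERNAL, DMZ, "block-lan-ssh-to-dmz" and so on) are constructed for illustration. "0.0.0.0/0" plays the role of the "Any" definition. The `shadowed()` helper flags a rule that can never fire because an earlier, broader rule already covers everything it would match, which is exactly the ordering mistake the reply warns about.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # source network in CIDR form; "0.0.0.0/0" is "Any"
    dst: str              # destination network in CIDR form
    dport: Optional[int]  # destination port; None means any port
    action: str           # "allow" or "drop"

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == dport)
        )


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dport: int,
             default: str = "drop") -> Tuple[str, str]:
    """First-match evaluation: the first rule whose src/dst/port match decides.
    Returns (action, rule name); an unmatched packet gets the implicit default."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action, rule.name
    return default, "implicit-default"


def shadowed(rules: List[Rule]) -> List[str]:
    """Names of rules that can never match because an earlier rule already
    covers their whole source, destination and port range (an ordering bug)."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (
                ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                and (earlier.dport is None or earlier.dport == later.dport)
            ):
                out.append(later.name)
                break
    return out


# Constructed network definitions (not from the thread).
ANY = "0.0.0.0/0"
INTERNAL = "192.168.1.0/24"
DMZ = "10.10.10.0/24"

# Specific drop first, then the narrower/broader allows it must take precedence over.
CORRECT_ORDER = [
    Rule("block-lan-ssh-to-dmz", INTERNAL, DMZ, 22, "drop"),
    Rule("allow-web", ANY, DMZ, 80, "allow"),
    Rule("lan-to-dmz", INTERNAL, DMZ, None, "allow"),
]

# Same rules, but the broad LAN->DMZ allow is placed above the SSH drop,
# so the drop is never reached.
MISORDERED = [
    Rule("lan-to-dmz", INTERNAL, DMZ, None, "allow"),
    Rule("block-lan-ssh-to-dmz", INTERNAL, DMZ, 22, "drop"),
    Rule("allow-web", ANY, DMZ, 80, "allow"),
]

if __name__ == "__main__":
    for label, ruleset in (("correct", CORRECT_ORDER), ("misordered", MISORDERED)):
        print(label, "LAN->DMZ:22", evaluate(ruleset, "192.168.1.5", "10.10.10.8", 22))
        print(label, "shadowed rules:", shadowed(ruleset))
    # Traffic from the Internet is matched by the "Any" rule only on port 80;
    # internal-to-DMZ traffic is decided by its own rules, so the two do not interfere.
    print("internet->DMZ:80", evaluate(CORRECT_ORDER, "203.0.113.7", "10.10.10.8", 80))
    print("internet->DMZ:22", evaluate(CORRECT_ORDER, "203.0.113.7", "10.10.10.8", 22))
```

Running it shows the same packet being dropped under the correct ordering and allowed under the misordered one, and `shadowed()` naming the drop rule as unreachable in the second set. It also shows why "Any" on the WAN rule does not touch internal routing: the Internet-sourced packet is only ever decided by the rules whose source definition contains it.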