ACLs: Invert Match
I did notice that I can apply a "Deny" or "Permit" policy on an ACL.
It would be nice to be able to use "invert match".
This is helpful to keep the rule list short.
An example is the following rule:
- Direction: LAN to WAN
- Policy: Permit
- Protocols: TCP, UDP
- Source: L_GuestNET
- Destination: ! [IP Group:] Private_NETs
Here the meaning of the exclamation mark is "invert match".
The IP Group consists of the private IPv4 subnets (RFC 1918).
Sometimes I use CGNAT (RFC 6598) too and add 100.64.0.0/10 to the IP Group.
The rule basically means that IPv4 outbound traffic is permitted, but connecting to Private_NETs is denied.
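As an added illustration (not code from the original post or from the vendor's ACL engine), the following Python evaluator models an "invert match" flag on the destination and checks that the single inverted rule decides exactly like the longer explicit deny list it would replace. The L_GuestNET subnet and the test addresses are constructed; direction (LAN to WAN) is not modeled.

```python
import ipaddress
from dataclasses import dataclass

# Constructed IP Group, as in the post: the RFC 1918 ranges plus the RFC 6598 CGNAT range.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")  # constructed stand-in for L_GuestNET
ANY_V4 = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Rule:
    policy: str        # "permit" or "deny"
    protocols: set
    sources: list
    destinations: list
    invert_dst: bool = False   # the requested "!" (invert match) on the destination

def _in_any(addr, nets):
    return any(addr in n for n in nets)

def rule_matches(rule, proto, src, dst):
    if proto not in rule.protocols or not _in_any(src, rule.sources):
        return False
    # Invert flips only the destination test; protocol and source still have to match.
    return _in_any(dst, rule.destinations) != rule.invert_dst

def evaluate(rules, proto, src, dst, default="deny"):
    """First matching rule wins; fall back to the implicit default policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule_matches(rule, proto, src, dst):
            return rule.policy
    return default

# The post's single rule: permit TCP/UDP from the guest net to anything that is NOT private.
INVERTED = [Rule("permit", {"tcp", "udp"}, [GUEST_NET], PRIVATE_NETS, invert_dst=True)]
# The same policy without invert match: one explicit deny per private range, then permit all.
EXPANDED = [Rule("deny", {"tcp", "udp"}, [GUEST_NET], [n]) for n in PRIVATE_NETS]
EXPANDED.append(Rule("permit", {"tcp", "udp"}, [GUEST_NET], [ANY_V4]))

def same_decision(proto, src, dst):
    """True when the one-line inverted rule and the expanded list agree."""
    return evaluate(INVERTED, proto, src, dst) == evaluate(EXPANDED, proto, src, dst)
```

Note that the inverted rule does not match a private destination at all, so the implicit default (deny here) decides; if a box's default were permit, an explicit trailing deny would still be needed.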