And if you have non aggregatable addressing you will have to put several "not" rules.
It would be nice to have a grouping function for hosts and networks...
Chris Buechler wrote:
> That's correct, but there are more logical and sensible ways to do
> this. Every site should use subnets that can be CIDR summarized. Then
> you can add subnets without changing any of this, and also permit to
> everything *but* your internal subnets in one rule by using
> destination "not" your internal subnets.
> For example, if you use 192.168.1.0/24, 192.168.2.0/24, etc. through
> 192.168.254.0/24, you can summarize with 192.168.0.0/16. Then allow to
> destination "not" 192.168.0.0/16 and you have what you're after.
This message has been scanned for viruses and
dangerous content by MailGate, and is
believed to be clean.