 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] How to allow multiple source networks in firewall rules?
 Date:  Mon, 17 Dec 2007 02:26:49 -0600
First you want to create the rules that allow the few subnets access, 
then you create another rule that blocks everyone's access. As long as the 
block rule comes after all the accept rules, it should work exactly as 
you want it to. The block rule is a "block all" rule. Since the allow 
rules come before it, they will match first and you won't have to worry 
about the block all rule overriding anything.

That's about the idea of it, unless you mean in more technical detail.

Joe Lagreca wrote:
> I have a rule that allows https traffic to an internal IP.  However, I want
> to limit https to a few subnets.  Can I do this all in the same rule, by
> somehow listing multiple networks to allow or do I have to create multiple
> rules to allow each network?
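
The rule ordering described in this thread, as an added example that is not part of the original messages and not m0n0wall code. It models first-match evaluation and flags rules that an earlier rule makes unreachable; the addresses, the Rule type and the function names are constructed for illustration, and a packet that matches no rule is assumed to be blocked.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "pass" or "block"
    src: str      # source network in CIDR notation, or "any"
    dst: str      # destination host or network in CIDR notation
    port: int     # destination TCP port

def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def evaluate(rules, src_ip, dst_ip, port):
    """Return the action of the first rule that matches the packet."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if src in _net(r.src) and dst in _net(r.dst) and port == r.port:
            return r.action
    return "block"  # assumption: nothing matched means the packet is blocked

def shadowed(rules):
    """Indexes of rules that never match because an earlier rule covers them.

    A covered rule with the same action is only redundant; one with a
    different action (a pass placed after block-all) silently has no effect.
    """
    hits = []
    for i, r in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.port == r.port
                    and _net(r.src).subnet_of(_net(earlier.src))
                    and _net(r.dst).subnet_of(_net(earlier.dst))):
                hits.append(i)
                break
    return hits

# Constructed sample data: documentation ranges stand in for the real subnets.
SERVER = "10.0.0.10/32"
ALLOWED = ["192.0.2.0/24", "198.51.100.0/24"]

# One pass rule per allowed subnet, then the block-all rule last.
GOOD = [Rule("pass", n, SERVER, 443) for n in ALLOWED]
GOOD.append(Rule("block", "any", SERVER, 443))

# Same rules with block-all moved to the top: the pass rules are unreachable.
BAD = [GOOD[-1]] + GOOD[:-1]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, evaluate(rules, "192.0.2.55", "10.0.0.10", 443), shadowed(rules))
```
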