netnoob
(net noob)
1
Hi,
Is it possible to invert/negate a match in the firewall rules?
Like this in
iptables: iptables -A INPUT ! -s 192.168.1.0/24 -p tcp --dport 80 -j DROP
or:
OPNsense:
Destination / Invert
Use this option to invert the sense of the match.
Best regards
ms
(Michael Tremer)
2
Hello,
You cannot invert something in a single rule.
Generally, the way to go is to have a default policy that drops everything and then create a rule that allows certain traffic.
This is a much more explicit and safer way to create rules, and it makes mistakes less likely.
1 Like
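Added example, not part of the thread: a small Python model of first-match rule evaluation that compares the inverted iptables rule from the question with an allow-then-drop pair and with the default-drop form from the reply. The `Rule` class, the sample packets and the ACCEPT chain policy assumed for the first two rule sets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                  # "ACCEPT" or "DROP"
    src: Optional[str] = None    # CIDR; None matches any source
    dport: Optional[int] = None  # TCP destination port; None matches any
    invert_src: bool = False     # models iptables "! -s"

    def matches(self, src_ip: str, dport: int) -> bool:
        if self.dport is not None and dport != self.dport:
            return False
        if self.src is None:
            return True
        inside = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return inside != self.invert_src

def verdict(rules, policy, src_ip, dport):
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in rules:
        if rule.matches(src_ip, dport):
            return rule.action
    return policy

LAN = "192.168.1.0/24"
# The question's rule: drop TCP/80 unless the source is in the LAN.
INVERTED = [Rule("DROP", src=LAN, dport=80, invert_src=True)]
# Same effect without inversion: allow the LAN first, then drop the rest.
ALLOW_THEN_DROP = [Rule("ACCEPT", src=LAN, dport=80), Rule("DROP", dport=80)]
# The form from the reply: default policy DROP plus one allow rule.
DEFAULT_DROP = [Rule("ACCEPT", src=LAN, dport=80)]

# Constructed sample packets: (source address, TCP destination port).
PACKETS = [("192.168.1.10", 80), ("192.168.2.10", 80), ("203.0.113.5", 80),
           ("192.168.1.10", 22), ("203.0.113.5", 22)]

def compare():
    """Return (src, port, inverted, allow_then_drop, default_drop) per packet."""
    return [(src, port,
             verdict(INVERTED, "ACCEPT", src, port),
             verdict(ALLOW_THEN_DROP, "ACCEPT", src, port),
             verdict(DEFAULT_DROP, "DROP", src, port))
            for src, port in PACKETS]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The first two rule sets agree on every packet, while the default-drop form also drops the port 22 traffic that nothing explicitly allowed.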