Negate / invert a match


is it possible to invert/negate a match in the firewall rules?

like this in
iptables: iptables -A INPUT -s ! -p tcp --dport 80 -J DROP


Destination / Invert
Use this option to invert the sense of the match.

best regards


you cannot invert something in a single rule.

Generally the way to go is to have a default policy that drops everything and then create a rule that allows certain traffic.

This is a lot more explicit and safer to create rules and makes mistakes less likely.

1 Like

How to implement this principle in IPFire:

1 Like