Is it possible to define an IP range in the rules with **!**192.168.88.10 or something else - meaning: apply the rule to everything except the one device at 192.168.88.10?
Example: I want to apply a rule for DNS traffic, which should apply to all devices in the subnet except a local DNS server with an IP in the local subnet.
It is not possible directly as you wrote it. However, you can construct a rule which deals with the exception in the way you want it … and place it above the rule for the rest of the subnet. Rules are evaluated from top to bottom and when a rule applies, the rest of the rules are not evaluated for the same packet (unless action=passthrough) …
I'm with mkx on this one, even though he only drives a Lada.
Best to make the allowable exception rule first for the one IP and then the rule you want to apply to the rest of the network.
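
The top-to-bottom, first-match evaluation described in the replies above can be modelled in a few lines. This is an added example, not code from the thread or from the router's firmware; the 192.168.88.0/24 subnet, the rule names and the accept/drop actions are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    name: str       # hypothetical label, used only to trace which rules matched
    src: str        # source address or CIDR the rule matches
    dst_port: int   # destination port the rule matches
    action: str     # "accept", "drop" or "passthrough"

    def matches(self, src_ip, dst_port):
        in_range = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_range and dst_port == self.dst_port


def evaluate(rules, src_ip, dst_port, default="accept"):
    """Walk the rules top to bottom; the first terminating match decides."""
    hits = []
    for rule in rules:
        if not rule.matches(src_ip, dst_port):
            continue
        hits.append(rule.name)
        if rule.action == "passthrough":
            continue  # rule is noted, evaluation carries on with the next one
        return rule.action, hits
    return default, hits


# Constructed rule set: exception for the local DNS server, then the subnet rule.
COUNT = Rule("count-dns", "192.168.88.0/24", 53, "passthrough")
EXCEPTION = Rule("dns-server-exception", "192.168.88.10", 53, "accept")
REST = Rule("dns-rest-of-subnet", "192.168.88.0/24", 53, "drop")

CORRECT = [COUNT, EXCEPTION, REST]   # exception above the general rule
REVERSED = [REST, EXCEPTION]         # general rule first: exception never reached

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT), ("reversed", REVERSED)):
        for ip in ("192.168.88.10", "192.168.88.25"):
            print(label, ip, evaluate(rules, ip, 53))
```

With the order reversed, the DNS server's own traffic hits the subnet-wide rule first and the exception below it is never evaluated.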