Firewall Address List enhancement

Dear All,

I don’t know if this is the right place, but I have an enhancement idea for firewall address lists. It would be really great if the address field could accept a list of IP addresses.
For example, I want to prevent the management ports of my router from being accessible from any VLANs, but only from the management VLAN. My idea was to create a list of gateways and add just one firewall rule to block the traffic.
Unfortunately, this is not possible and I need to create a fw rule for each vlan.

Many thanks

That’s one of the purposes of a VLAN: to segregate some subnet, like your management VLAN. Where’s the problem? Don’t put a router that will do inter-VLAN routing for that subnet, or better yet, make a dedicated VRF for your management VLAN. I’m sorry if I failed to see your point.

Lists within lists is not possible.
What is your requirement exactly that would require such a functionality for home or even small business…
That cannot be solved via existing interface list and firewall address list. ???

this is exactly what I’m doing… but I cannot create a list like: 192.168.88.1,192.168.33.1 etc

If using webfig, then you have to create a new list when adding the first address to it: IP → firewall → address lists → add new … in the list field, don’t select an existing list from the drop-down list, but rather type in the name of the new list. Also add (the first) address … and click apply (or OK). For the second and other addresses, you can then select the name of the list from the drop-down list.

I guess that inside winbox it’s similar to webfig (but I’m not going to try right now).

If using CLI, you simply add address and name the list, which doesn’t exist previously:

/ip firewall address-list
add list=mynewlist address=10.20.30.40/28

After you successfully create the list (by adding the first IP address to it), you can refer to it in firewall rules (src-address-list=mynewlist … or dst-address-list=mynewlist).
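
The approach discussed in this thread, as an added example that is not part of any post above: the two gateway addresses mentioned earlier go into one address list, and a single input-chain rule drops management traffic to them unless it arrives from the management VLAN. The list name `router-gateways`, the interface list `MGMT`, the interface `vlan-mgmt` and the port set (SSH, WebFig, Winbox) are assumptions; adjust them to your setup.

```routeros
# Added example. Names and ports below are assumptions, not from the thread.

# One list entry per gateway address; the first "add" creates the list.
/ip firewall address-list
add list=router-gateways address=192.168.88.1 comment="gateway address from the thread"
add list=router-gateways address=192.168.33.1 comment="gateway address from the thread"

# Interface list holding only the management VLAN interface (hypothetical name).
/interface list
add name=MGMT
/interface list member
add list=MGMT interface=vlan-mgmt

# Single rule: drop management ports addressed to any listed gateway
# when the packet did not come in through the MGMT interface list.
# Apply from a session on the management VLAN (Safe Mode helps avoid lockout).
/ip firewall filter
add chain=input action=drop protocol=tcp dst-port=22,80,443,8291 \
    dst-address-list=router-gateways in-interface-list=!MGMT \
    comment="management ports only from MGMT"
```

The drop rule has to sit above any input-chain accept rule that would otherwise match the same traffic, since filter rules are evaluated in order.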