I’m working on a new set of firewall rules for an existing network (none of the firewall settings were done with any planning or forethought), and I’ve got it all planned and mostly implemented. However, I’m having trouble with my final couple of rules. What I want them to do is to allow inbound traffic from the internet with a destination of an internal IP, allow inbound traffic from our internal network with a source of an internal IP, and then deny everything else. I do all the specific filtering of unwanted traffic above this, but this should catch and allow all valid traffic and stop any address spoofing from getting out of our network (we provide internet access to home PCs, so I expect viruses and such to get through eventually). However, the rules that I created are not matching any traffic, so I must have something wrong. Here are the two rules:
Public-E3 is our internet-facing connection, WAN-E2 is our internal wireless-facing connection, and ‘internal’ is a static address list that I created including all of our internal addresses.
Any help would be appreciated; I’ve been staring at this for a while and can’t see why it wouldn’t work.
I do all the specific filtering of unwanted traffic above this, but this should catch and allow all valid traffic and stop any address spoofing from getting out of our network (we provide internet access to home PCs, so I expect viruses and such to get through eventually). However, the rules that I created are not matching any traffic, so I must have something wrong.
You mention the rules aren’t getting any hits, which means the traffic is being handled by rules higher up the chain.
Right below it (at the very bottom) I have an “allow any” rule that still increments, and if I change that to a “deny any” rule, sending traffic fails. So that tells me that valid traffic is going all the way through my current list.
Okay, I’m kicking myself now. After adding them manually instead of using the address-list (and having that work), I looked at the address-list again. After looking over the addresses one by one, I eventually noticed that they were all disabled. Once I enabled them, it started working (minus one typo and a missed IP on my list). I’m now logging everything that gets past for any valid traffic that I missed and it’s looking good.
P.S. Is there any way to reorder an address list? One of the entries that I forgot is now at the bottom of the list and it would be better cosmetically to have them sorted.
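The two-rule design from the first post (accept inbound on the public interface only when the destination is internal, accept traffic on the internal interface only when the source is internal, deny the rest) and the failure mode found later in the thread (every entry in the address list disabled, so neither rule ever matches and all traffic falls through to the final catch-all) can both be reproduced in a small first-match simulator. The following is an added example, not the poster’s ruleset and not any vendor’s syntax; the interface names Public-E3 and WAN-E2 and the list name ‘internal’ come from the thread, while the address ranges, the sample packets and the rule semantics (first match wins, a disabled list entry matches nothing) are assumptions made for the illustration.

```python
"""Toy first-match firewall chain with address lists (constructed example).

Models the thread's policy: two accept rules keyed on interface plus an
address list, then a catch-all. Shows that when every list entry is
disabled, both accept rules get zero hits and everything lands on the
catch-all, which is exactly the symptom described in the thread.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class AddressList:
    """Named list of prefixes. A disabled entry matches nothing (assumed semantics)."""
    name: str
    entries: List[Tuple[ipaddress.IPv4Network, bool]]  # (network, enabled)

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(enabled and addr in net for net, enabled in self.entries)


@dataclass
class Rule:
    action: str                                # "accept" or "drop"
    in_iface: Optional[str] = None             # None = any interface
    src_list: Optional[AddressList] = None     # None = any source
    dst_list: Optional[AddressList] = None     # None = any destination
    hits: int = 0                              # packet counter, as on a real firewall

    def matches(self, pkt: dict) -> bool:
        if self.in_iface is not None and pkt["in"] != self.in_iface:
            return False
        if self.src_list is not None and not self.src_list.contains(pkt["src"]):
            return False
        if self.dst_list is not None and not self.dst_list.contains(pkt["dst"]):
            return False
        return True


def evaluate(chain: List[Rule], pkt: dict) -> str:
    """First matching rule decides and its counter increments; no match means drop."""
    for rule in chain:
        if rule.matches(pkt):
            rule.hits += 1
            return rule.action
    return "drop"


def make_internal(enabled: bool = True) -> AddressList:
    """The 'internal' list; ranges are assumed for the example."""
    return AddressList("internal", [
        (ipaddress.ip_network("10.10.0.0/16"), enabled),
        (ipaddress.ip_network("172.16.5.0/24"), enabled),
    ])


def build_chain(internal: AddressList, final_action: str = "drop") -> List[Rule]:
    """The thread's two rules plus the catch-all (the poster's was 'allow any')."""
    return [
        Rule("accept", in_iface="Public-E3", dst_list=internal),  # internet -> internal
        Rule("accept", in_iface="WAN-E2", src_list=internal),     # internal -> anywhere
        Rule(final_action),                                        # everything else
    ]


def audit_list(lst: AddressList) -> List[str]:
    """The check the thread ended on: return every disabled entry in a list."""
    return [str(net) for net, enabled in lst.entries if not enabled]


# Constructed packets: one legitimate flow each way, then two spoofing attempts.
PACKETS = {
    "inbound_to_internal": {"in": "Public-E3", "src": "203.0.113.7", "dst": "10.10.3.4"},
    "internal_outbound":   {"in": "WAN-E2",    "src": "10.10.3.4",   "dst": "198.51.100.9"},
    "spoofed_outbound":    {"in": "WAN-E2",    "src": "192.0.2.77",  "dst": "198.51.100.9"},
    "spoofed_inbound":     {"in": "Public-E3", "src": "10.10.9.9",   "dst": "10.10.3.4"},
}


def run(enabled: bool = True, final_action: str = "drop"):
    """Push every sample packet through a fresh chain; return verdicts and hit counters."""
    chain = build_chain(make_internal(enabled), final_action)
    verdicts = {name: evaluate(chain, pkt) for name, pkt in PACKETS.items()}
    return verdicts, [r.hits for r in chain]


if __name__ == "__main__":
    for enabled in (True, False):
        verdicts, hits = run(enabled=enabled, final_action="accept")
        print(f"list entries enabled={enabled}: hits={hits} verdicts={verdicts}")
    print("disabled entries:", audit_list(make_internal(False)))
```

With the list entries enabled, the outbound packet with a forged non-internal source is the only one that reaches the catch-all, which is the anti-spoofing behaviour the first post asks for. With every entry disabled, the two accept rules show zero hits and all four packets hit the catch-all; with the poster’s original “allow any” at the bottom that means everything still flows, which is why the problem only became visible through the counters. One caveat visible in the simulation: the first rule as described checks only the destination, so a packet arriving on the public interface with a forged internal source address is still accepted by it; that case has to be covered by the filtering placed above these rules.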