i see that i can make a rule to allow if src is in address list
or to deny if src is not in address list
now I have had an experience with another router (netgear) where it did make a very significant difference
any LAN IP that was allowed could not then connect to some bank sites (without geeking of mtu in the router)
but LAN IP that were NOT denyed (ie no rule) was OK
never quite figured out why except it obviously had something to do with MTU and fragmentation
is there a functional difference (ie MTU , speed, latency, whatever) between allowing an IP and Denying all other IPs in ROS
thanx