What a great product, I unboxed it today, and I am just amazed.
I have one quick question on adding a access list to the firewall.
I have 4 severs on the LAN segment that I don’t want getting to the internet. How do I block them from the Wan.
I know this is a ID-10-T question, but I need to deploy this unit in a few hours, and the product is over whelming and I have never been a great firewall guy.
Thanks
Doc
its a forward chain rule.
Everything is Blocked by default as nothing i spermitted to the internet.
Post your config
/export hide-sensitive file=myconfig
ONe has to assume then you create a rule to allow LAN to WAN?
If so just before this rule (order is important) put in another rule blocking lan to wan for that source-address-list
No, everything is allowed by default in factory firewall. Only new incoming connections from WAN are blocked. So you can either reverse the firewall logic with unconditional drop rule at the end (and allow what you need allowed before that), or you can add blocking rule at the end, something like:
/ip firewall filter
add chain=forward src-address=<server IP> out-interface-list=WAN action=reject