I hope someone can help me with this. In my hotspot I want to set up firewall rules that allow specific users to access specific SMTP servers, but otherwise SMTP access would be blocked. Here is an example:
If source IP is 192.168.1.1 then access to target IP 18.104.22.168:25 is OK
If source IP is 192.168.1.2 then access to target IP 22.214.171.124:25 is OK
All other port 25 access is rejected
The difficulty is that the source/target pairs change on a daily basis and there are a lot of them. That means that I want to avoid having to write a firewall rule for each one. I would rather have a single firewall rule with address lists.
if source IP is on LIST1 and target IP is on LIST1 then TCP,port(25) is OK
if source IP is on LIST2 and target IP is on LIST2 then TCP,port(25) is OK
My problem is that I cannot set up the rule to allow connections where the Src and Dest address lists are the same. I have to specify the exact name ... so this will not take me closer to my single rule goal ... unless there is a way to somehow use dynamic names or variables for the names of the address lists. Is this possible somehow? ... or maybe the name of the list could be a parameter like the source IP address?
Another possible (half) solution is to group source IPs to a SOURCE list and target IPs to a TARGET list and use the following rule
if source IP is on SOURCE and target is on TARGET, then TCP,port(25) is OK
... but this still allows a lot of connections that I would rather not have.
Does anyone have a better idea on how to handle this situation?
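To make the gap between the two approaches concrete, here is an added example (not part of the original post): a small Python model of the intended per-pair policy next to the SOURCE/TARGET "half solution", plus a generator that turns the daily pair list into one accept rule per pair and a final drop, which is the usual way to replace hand-written rules when a pair match cannot be expressed with independent src/dst address lists. The third pair and the `comment=` values are constructed for the sample; the command shape follows RouterOS' `/ip firewall filter add ...` form.

```python
"""Model of the SMTP egress policy from the post (added example, constructed data)."""
from itertools import product

# Constructed sample of (hotspot client, permitted SMTP server) pairs.
# The first two come from the post; the third is added so the sample has
# two clients sharing one server.
ALLOWED_PAIRS = {
    ("192.168.1.1", "18.104.22.168"),
    ("192.168.1.2", "22.214.171.124"),
    ("192.168.1.3", "18.104.22.168"),
}


def pairwise_allowed(src, dst, pairs=ALLOWED_PAIRS):
    """Intended policy: a port-25 flow is allowed only for an exact (src, dst) pair."""
    return (src, dst) in pairs


def cross_product_allowed(src, dst, pairs=ALLOWED_PAIRS):
    """The 'half solution': src on a SOURCE list AND dst on a TARGET list, checked
    independently, which is how src-address-list / dst-address-list matchers behave."""
    sources = {s for s, _ in pairs}
    targets = {d for _, d in pairs}
    return src in sources and dst in targets


def over_permitted(pairs=ALLOWED_PAIRS):
    """Flows the cross-product rule accepts that the intended policy would reject."""
    sources = sorted({s for s, _ in pairs})
    targets = sorted({d for _, d in pairs})
    return sorted(set(product(sources, targets)) - set(pairs))


def routeros_rules(pairs=ALLOWED_PAIRS, chain="forward"):
    """Emit one accept rule per pair and a closing drop for all other port-25 traffic.
    Regenerating and re-applying this output daily replaces editing rules by hand.
    The comment tags are constructed; they let a script remove the old rule set."""
    lines = []
    for src, dst in sorted(pairs):
        lines.append(
            f"/ip firewall filter add chain={chain} protocol=tcp dst-port=25 "
            f"src-address={src} dst-address={dst} action=accept comment=smtp-pair"
        )
    lines.append(
        f"/ip firewall filter add chain={chain} protocol=tcp dst-port=25 "
        f"action=drop comment=smtp-default-drop"
    )
    return lines


if __name__ == "__main__":
    print("Over-permitted by SOURCE/TARGET lists:", over_permitted())
    print("\n".join(routeros_rules()))
```

Running it shows that with only three pairs the list-based rule already lets three extra client/server combinations through; the count grows with the product of the two lists, which is why the generated per-pair rules (accept rules first, the drop last) are the safer shape when the pairs change daily.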