Blocking the zero bogon network

So, I heard this podcast about assorted bogon networks and went to configure a Balance 20x to block some of these networks from leaving the WAN port.

There was a problem blocking outbound traffic destined for the network with a first byte of zero. The 8.1.3 firmware takes a spec of as “any” even though the subnet mask is set to 8.

Since the last 3 zeros of the destination network serve no purpose here, I tried setting the destination to with a subnet mask of 8 (really and that seems to work. Seems to. That is my question. Testing this is beyond me.

FYI: I have been blocking the Local Only subnets such as 192.168.x.x and 10.x.x.x for a long time. Turns up interesting stuff in the Firewall log :)


I’d be interested in someone with more tech expertise than me who can confirm that @Michael234’s rule works as intended.

@Michael234 & @PepeLeDrew

Thank you for raising this in the forum.

  1. There is a WebUI bug found by Michael234 that is not able to be defined via the firewall policy.
    Hopefully this will be fixed in the coming firmware.

  2. Michael defined the firewall rule's destination network using
    The workaround is good. It will be able to have the same blocking destination network for

  3. You can also consider using Grouped Network as another workaround to define the

Attached are the test firewall rules for your reference; I hope they will explain the unclear parts:


What an excellent explanation. Thank you @sitlongs.
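
An added illustration, not code from any poster in this thread or from the vendor: under standard mask semantics a rule compares only the masked bits, so with a mask of 8 any rule address whose first byte is zero covers the same destinations. The rule specs and probe addresses are constructed sample values, and the assumption is that the firmware applies the mask this way; the firewall log is still the real confirmation.

```python
import ipaddress

# Constructed probe destinations: three inside the zero network, the rest outside.
PROBES = [
    "0.0.0.0", "0.0.0.1", "0.255.255.255",
    "1.0.0.0", "8.8.8.8", "10.1.2.3", "192.168.1.1", "255.255.255.255",
]


def rule_matches(spec: str, dest: str) -> bool:
    """Mask-based match: only the bits selected by the prefix are compared."""
    addr, prefix = spec.split("/")
    mask = (0xFFFFFFFF << (32 - int(prefix))) & 0xFFFFFFFF
    rule = int(ipaddress.IPv4Address(addr))
    return (int(ipaddress.IPv4Address(dest)) & mask) == (rule & mask)


def covered_network(spec: str) -> str:
    """Network a spec collapses to once its host bits are masked off."""
    return str(ipaddress.ip_network(spec, strict=False))


def blocked(spec: str, probes=PROBES) -> list:
    """Probe destinations that a block rule with this spec would catch."""
    return [p for p in probes if rule_matches(spec, p)]


if __name__ == "__main__":
    # Constructed rule specs: first byte zero, mask 8, different host bits.
    for spec in ("0.0.0.1/8", "0.1.2.3/8", "0.255.255.255/8"):
        print(spec, "->", covered_network(spec), blocked(spec))
    # A spec with a mask of 0 is what "any" means: every probe matches.
    print("mask 0 ->", blocked("0.0.0.0/0"))
```

If a rule entered this way behaves like the last line (everything matches) rather than the first three, the device is treating the entry as "any" instead of applying the mask.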