So, I heard this podcast about assorted bogon networks and went to configure a Balance 20x to block some of these networks from leaving the WAN port.
https://www.grc.com/sn/sn-847-notes.pdf
There was a problem blocking outbound traffic destined for the network with a first byte of zero. The 8.1.3 firmware takes a spec of 0.0.0.0 as “any” even though the subnet mask is set to 8.
Since the last 3 zeros of the destination network serve no purpose here, I tried setting the destination to 0.11.11.11 with a subnet mask of 8 (really 255.0.0.0) and that seems to work. Seems to. That is my question. Testing this is beyond me.
FYI: I have been blocking the Local Only subnets such as 192.168.x.x and 10.x.x.x for a long time. Turns up interesting stuff in the Firewall log 🙂
2 Likes
I’d be interested in someone with more tech expertise than me who can confirm that @Michael234’s rule works as intended.
@Michael234 & @PepeLeDrew
Thank you for raising this in the forum.
-
There is a WebUI bug, found by Michael234, where 0.0.0.0/255.0.0.0 (/8) cannot be defined via the firewall policy.
Hopefully this will be fixed in the coming firmware.
-
Michael defined the firewall rule's destination network using 0.11.11.11/255.0.0.0 (/8).
The workaround is good. It will be able to block the same destination network as 0.0.0.0/255.0.0.0 (/8).
-
You can also consider using a Grouped Network as another workaround to define 0.0.0.0/255.0.0.0 (/8).
Attached are the test firewall rules for your reference; I hope they explain the unclear parts:
3 Likes
What an excellent explanation. Thank you @sitlongs.
2 Likes
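An added example, not part of the original thread and not Peplink code: a check that a rule written as 0.11.11.11/8 covers the same destinations as 0.0.0.0/8. It assumes the firewall matches by standard mask-and-compare (the thread does not confirm the firmware's internals); the function names and sample destinations are constructed for illustration.

```python
import ipaddress

def to_int(addr: str) -> int:
    """Dotted-quad IPv4 address as a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def rule_matches(rule_addr: str, prefix_len: int, dst: str) -> bool:
    """Mask-and-compare (assumed matcher): only the network bits are compared,
    so host bits in the rule address have no effect on the result."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return (to_int(dst) & mask) == (to_int(rule_addr) & mask)

def same_network(spec_a: str, spec_b: str) -> bool:
    """True when two address/prefix specs normalise to the same network.
    strict=False lets host bits be set, as in 0.11.11.11/8."""
    a = ipaddress.ip_network(spec_a, strict=False)
    b = ipaddress.ip_network(spec_b, strict=False)
    return a == b

# Constructed sample destinations: inside 0.0.0.0/8, just outside it,
# and the private ranges mentioned in the thread.
SAMPLES = ["0.0.0.1", "0.11.11.11", "0.255.255.255",
           "1.0.0.0", "10.1.2.3", "192.168.1.1"]

def disagreements(rule_a: str, rule_b: str, prefix_len: int, samples=SAMPLES):
    """Destinations on which the two rule addresses give different verdicts.
    An empty list means the rules behave identically on the samples."""
    return [d for d in samples
            if rule_matches(rule_a, prefix_len, d)
            != rule_matches(rule_b, prefix_len, d)]

def blocked(rule_addr: str, prefix_len: int, samples=SAMPLES):
    """Destinations from the samples that the rule would match."""
    return [d for d in samples if rule_matches(rule_addr, prefix_len, d)]

if __name__ == "__main__":
    print("same network:", same_network("0.11.11.11/8", "0.0.0.0/8"))
    print("disagreements:", disagreements("0.11.11.11", "0.0.0.0", 8))
    print("matched by workaround rule:", blocked("0.11.11.11", 8))
```

On the device itself, the equivalent check is to send traffic to a destination inside 0.0.0.0/8 and one outside it, then confirm in the firewall log that only the first hits the rule.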