Firewall 'not' option


#1

I’m looking for a way of cleaning up the list of firewall entries. For example, if I wanted to block all inbound UDP traffic except ports 500, 4500, and 10000, I would have to create 4 rules saying ‘Deny’ on 1-499, 501-4499, 4501-9999, and 1001-65535.

Similarly, if I wanted to force our courtesy wifi (not a Peplink product) to use OpenDNS, somebody could get around the content filter by specifying their own DNS on their device. I want to be able to specify an outbound rule “UDP, 192.168.1.22:any, not 208.67.222.222:53, deny”

I could span it over two lines going “UDP, 192.168.1.22:any, 208.67.222.222:53, allow” and “UDP, 192.168.1.22:any, any, deny” but it would be nice to put it in one line.


#2

Hi,

Looks like you wish to control your inbound and outbound traffic. Can I suggest this way?

Inbound

  1. UDP, Any:Any, Any:500, Allow
  2. UDP, Any:Any, Any:4500, Allow
  3. UDP, Any:Any, Any:10000, Allow
  4. Any, Any:Any, Any:Any, Deny (Default rule)

Outbound

  1. UDP, 192.168.1.22:Any, 208.67.222.222:53, Allow
  2. Any, Any:Any, Any:Any, Deny (Default rule)
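
The rule lists in this thread, run through a small first-match evaluator. This is an added example, not part of either post and not Peplink code. It assumes rules are checked top-down with the first match deciding, and that traffic matching no rule is allowed. The `Rule`, `Packet`, `evaluate` and `udp` names and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration.

```python
from typing import NamedTuple

ANY = "Any"

class Rule(NamedTuple):
    proto: str
    src_ip: str
    src_port: object
    dst_ip: str
    dst_port: object
    action: str

class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def evaluate(rules, pkt, default="Allow"):
    """Return the action of the first matching rule (assumed top-down, first match wins)."""
    for rule in rules:
        # Compare protocol, source ip:port and destination ip:port field by field.
        if all(rv == ANY or rv == pv for rv, pv in zip(rule[:5], pkt)):
            return rule.action
    return default  # assumption: unmatched traffic is allowed

# Inbound list from post #2: three allows, then the catch-all deny.
INBOUND = [Rule("UDP", ANY, ANY, ANY, p, "Allow") for p in (500, 4500, 10000)]
INBOUND.append(Rule(ANY, ANY, ANY, ANY, ANY, "Deny"))

# Outbound, two-line version from post #1: the deny is scoped to UDP from one host.
OUTBOUND_TWO_LINE = [
    Rule("UDP", "192.168.1.22", ANY, "208.67.222.222", 53, "Allow"),
    Rule("UDP", "192.168.1.22", ANY, ANY, ANY, "Deny"),
]

# Outbound list from post #2: same allow, but the deny matches everything.
OUTBOUND_DEFAULT_DENY = [
    Rule("UDP", "192.168.1.22", ANY, "208.67.222.222", 53, "Allow"),
    Rule(ANY, ANY, ANY, ANY, ANY, "Deny"),
]

def udp(src, dst, dport, sport=40000):
    """Build a constructed UDP test packet."""
    return Packet("UDP", src, sport, dst, dport)
```

Both outbound lists give the same result for UDP from 192.168.1.22, which is the "not" behaviour asked for. They differ on everything else: the catch-all deny also drops non-UDP traffic and traffic from other hosts, while the two-line version leaves those to the default.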