WaterByWind / edgeos-bl-mgmt

Automated updating of EdgeOS firewall network-group to be used as source address blacklist
MIT License
196 stars 40 forks

Config question #17

Closed jimmyeao closed 3 years ago

jimmyeao commented 5 years ago

More of a question than an issue. I have this set up as per the readme; however, it is not 100% clear to me: should the FW policies (e.g. WAN - LAN) have interfaces defined? Same question for Nets4-BlackList etc.: should they have a network defined? (currently empty)

Many thanks :)

vincent1890 commented 4 years ago

same question

Actual rules: IPv4 Firewall "WAN_IN", IPv4 Firewall "WAN_LOCAL"

blisstik commented 4 years ago

Would like to bump this question. Also, I'm pinging some of these IPs and still getting a reply. Is this inbound only?

WaterByWind commented 4 years ago

The firewall policies should be applied to relevant interfaces, yes.

Or more precisely you would add a rule to your existing policy for the appropriate direction on the appropriate interface. For instance, create a rule in your WAN_IN policy that uses the noted groups, and do the same for your WAN_LOCAL.

The rule should have a match on the network group with action 'drop'.
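The configuration WaterByWind describes, written out as an added example (this script is not part of edgeos-bl-mgmt and not EdgeOS documentation). It emits the `set` commands that create the network-group, add a `drop` rule matching that group as source to both `WAN_IN` and `WAN_LOCAL`, and bind those policies to the WAN interface, then applies them only when run on an actual EdgeOS box. Everything below that is not on this page is an assumption: `eth0` as the WAN interface, the policy names `WAN_IN`/`WAN_LOCAL`, the group name `Nets4-BlackList`, the rule numbers, and the `/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper` path. IPv6 follows the same pattern with `firewall ipv6-name` and `source group ipv6-network-group`.

```shell
#!/bin/sh
# Added example (not from the edgeos-bl-mgmt project): generate the EdgeOS
# 'set' commands that hook a blacklist network-group into existing WAN
# policies, then apply them only when running on an EdgeOS box.
#
# Assumptions (change to match your router):
#   WAN_IF            - the WAN interface the policies are bound to
#   WAN_IN / WAN_LOCAL - policy names for transit and router-destined traffic
#   Nets4-BlackList   - the network-group the update script fills at runtime
WAN_IF=${WAN_IF:-eth0}
POLICY_IN=${POLICY_IN:-WAN_IN}
POLICY_LOCAL=${POLICY_LOCAL:-WAN_LOCAL}
GROUP4=${GROUP4:-Nets4-BlackList}
CFG_WRAPPER=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper   # assumed EdgeOS path

# pick_rule_number "10 20 30" -> a rule number below every existing rule.
# EdgeOS evaluates rules in ascending order, so the blacklist drop must sort
# before any accept rule (including accept-established) or blacklisted
# sources can still get through.
pick_rule_number() {
  min=
  for n in $1; do
    if [ -z "$min" ] || [ "$n" -lt "$min" ]; then min=$n; fi
  done
  if [ -z "$min" ]; then echo 5; return 0; fi     # empty policy: any number works
  if [ "$min" -le 1 ]; then
    echo "no free rule number before rule $min; renumber the policy" >&2
    return 1
  fi
  echo $((min / 2))
}

# blacklist_rules POLICY GROUP RULE -> the three 'set' lines for one policy.
# The match is on the *source* group only: this drops packets arriving from
# blacklisted addresses; it does not stop hosts behind the router from
# reaching them.
blacklist_rules() {
  policy=$1; group=$2; rule=$3
  printf 'set firewall name %s rule %s action drop\n' "$policy" "$rule"
  printf "set firewall name %s rule %s description 'drop sources in %s'\n" "$policy" "$rule" "$group"
  printf 'set firewall name %s rule %s source group network-group %s\n' "$policy" "$rule" "$group"
}

# bind_policies IFACE -> attach WAN_IN (traffic forwarded through the router)
# and WAN_LOCAL (traffic addressed to the router itself) to the WAN interface.
bind_policies() {
  printf 'set interfaces ethernet %s firewall in name %s\n' "$1" "$POLICY_IN"
  printf 'set interfaces ethernet %s firewall local name %s\n' "$1" "$POLICY_LOCAL"
}

# all_commands RULE -> the complete command set, group definition included.
# The group is created empty on purpose: its members are managed at runtime
# by the project's update script, not by the saved configuration.
all_commands() {
  printf "set firewall group network-group %s description 'managed blacklist'\n" "$GROUP4"
  blacklist_rules "$POLICY_IN" "$GROUP4" "$1"
  blacklist_rules "$POLICY_LOCAL" "$GROUP4" "$1"
  bind_policies "$WAN_IF"
}

# apply_commands RULE -> commit on a real EdgeOS box, otherwise just print.
apply_commands() {
  if [ -x "$CFG_WRAPPER" ]; then
    "$CFG_WRAPPER" begin
    all_commands "$1" | while IFS= read -r line; do
      # strip the leading 'set ' and hand the path to the wrapper
      eval "\"\$CFG_WRAPPER\" set ${line#set }"
    done
    "$CFG_WRAPPER" commit && "$CFG_WRAPPER" save
    "$CFG_WRAPPER" end
  else
    all_commands "$1"
  fi
}

# Existing WAN_IN rule numbers would come from 'show firewall name WAN_IN';
# "10 20" is a constructed sample (accept established, drop invalid).
RULE=$(pick_rule_number "10 20")
apply_commands "$RULE"
```

Both rules match on the source group, so only traffic coming in on the WAN interface from a listed address is dropped; a ping sent from the LAN to a listed address still goes out and its reply still comes back through the accept-established rule if that rule sorts earlier, which is why the drop is numbered below it here.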