raff schrieb:
> I want to block traffic from 192.168.9.8 to 192.168.1.0/24
> excluding 192.168.1.6
> Is there any difference between:
>
> block in all
> pass in on xl1 from 192.168.9.8 to !192.168.1.0/24 modulate state
> pass in on xl1 from 192.168.9.8 to 192.168.1.6 modulate state
>
> and
>
> block in all
> pass in on xl1 from 192.168.9.8 to 192.168.1.6 modulate state
> pass in on xl1 from 192.168.9.8 to !192.168.1.0/24 modulate state
>
> Thanks in advance,
>
Last matching rule wins... so the first would work.
But how about using a table like this?
table <testnet> const { !192.168.1.0/24 192.168.1.6 }
pass in on xl1 from 192.168.9.8 to <testnet> modulate state
- Michael
