Excluding an address
The firewall rule shown in the following example allows all traffic from the 172.16.1.0/24 network except traffic to the 192.168.1.100 server.
To create an instance that excludes an address, perform the following steps in configuration mode.
Step | Command |
---|---|
Create the configuration node for the FWTEST-5 firewall instance and its rule 10. Give a description for the rule. | |
Accept all traffic that matches the rule. | |
Accept any traffic from the 172.16.1.0/24 network that matches the rule. | |
Accept traffic that matches the rule and is destined anywhere except the 192.168.1.100 destination address. Traffic destined for 192.168.1.100 does not match the rule and invokes the implicit “reject all” rule. | |
Apply the NEGATED-EXAMPLE instance to inbound packets on dp0p1p1. | |
Commit the configuration. | |
Show the configuration. | |
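The following Python model is an added illustration, not vRouter code or CLI syntax. It evaluates the rule described above against constructed sample flows to show that the negated destination does not create a reject rule by itself: excluded traffic, and traffic from any other source, simply fails to match rule 10 and falls through to the implicit "reject all". The class and function names, and the `!` prefix used to mark negation in the model, are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AddrMatch:
    """Address criterion; a leading '!' negates it (notation assumed for this model)."""
    net: ipaddress.IPv4Network
    negated: bool = False

    @classmethod
    def parse(cls, text):
        negated = text.startswith("!")
        return cls(ipaddress.ip_network(text.lstrip("!"), strict=False), negated)

    def matches(self, addr):
        inside = ipaddress.ip_address(addr) in self.net
        return inside != self.negated  # XOR: negation flips the result

@dataclass(frozen=True)
class Rule:
    number: int
    action: str
    source: AddrMatch
    destination: AddrMatch

    def matches(self, src, dst):
        # Every criterion in a rule must match (logical AND).
        return self.source.matches(src) and self.destination.matches(dst)

def evaluate(rules, src, dst):
    """Return (action, rule number); None means the implicit final rule decided."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(src, dst):
            return rule.action, rule.number
    return "reject", None  # implicit "reject all" described on this page

# Rule 10 of the instance described above (model only, not vRouter syntax).
FWTEST_5 = [Rule(10, "accept", AddrMatch.parse("172.16.1.0/24"),
                 AddrMatch.parse("!192.168.1.100"))]

# Constructed sample flows: (source, destination)
SAMPLE_FLOWS = [
    ("172.16.1.25", "192.168.1.50"),   # allowed network, other server
    ("172.16.1.25", "192.168.1.100"),  # allowed network, excluded server
    ("10.0.0.7", "192.168.1.50"),      # source outside 172.16.1.0/24
]

if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        print(src, "->", dst, evaluate(FWTEST_5, src, dst))
```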