Planning to start with building out the firewall rules.
Is there any way to copy rules in the firewall, to save having to recreate similar rules?
For example, I have 4 VLANs. The VLANs are isolated from each other.
I block port 53 out on WAN for 3 VLANs and allow only DNS lookups to internal DNS servers 1 and 2.
allow subnet1 to dns server1:53
allow subnet1 to dns server2:53
allow subnet2 to dns server1:53
allow subnet2 to dns server2:53
allow subnet3 to dns server1:53
allow subnet3 to dns server2:53
Is there an easy way to do this in the Route10 firewall rules, or will I have to create 6 rules?
I tried creating a rule:
allow subnet 1 to dns server1:53, dns server2:53
This was not allowed, so I had to create 2.
Have about 35 rules, which could translate to a lot of rules on Route10.
On my current router you can create a list of IP addresses, subnets and FQDNs, so I will need to split the many entries encapsulated in one rule into separate rules.
I have a list of ports that are blocked WAN out; one list has 15 UDP ports. My old router has one rule to drop (a list of) 15 UDP ports from 4 subnets (in a list), LAN to WAN.
Have I misunderstood how to create firewall rules on the Route10? I can’t seem to add lists of things such as IP addresses or ports. In this case that means 4 x 15 ports = 60 rules.
Create 2 or 3 rules in the web-gui, and export them. Open the exported file in a text editor, edit to your needs (to add more rules), save it and import the new version in web-gui. (On the import you can replace or amend existing rules).
I actually did think of this. Hoping the Alta team are looking at improving the firewall GUI.
Just painfully slow and far too easy to make errors and very time consuming.
Also, list creation and management is useful though; for example, when, say, country blocking is implemented, you need to be able to work with a list: select, deselect and view in the firewall.
This is really basic functionality. The past 3 routers I had offered some way of creating lists to make building firewall rules easy. Should not really need to drop to a text editor for what should be basic functionality.
I will give it a go… cos it's HOMELAB.
Only fired up the route to see it working OK.
Going to hook up a 4G modem for WAN and a managed switch, set up my current network and see how to translate the rules to the Route10.
Here's an example: a simple rule to block devices using hardcoded DNS - dropping port 53/853 going from LAN to WAN.
I am still learning the Route10 firewall - is there a guide or help page to explain the terms?
Questions:
a) Copying and pasting rules in a text editor: what is the id field, and do I need to change it?
b) Do I need to add a numeric index 19, 20, 21, 22… for each rule?
19
    id "TFn7sQ"
    action "DROP"
    source
        address "192.168.0.0/16"
    zoneIn "lan"
    zoneOut "lan"
    description "DROP LAN IN IoT to LAN 10./8"
    destination
        address
20
    id "FLxCCa"
    action "DROP"
    zoneIn "lan"
    zoneOut "wan"
    protocol
        0 "tcp"
        1 "udp"
    ipVersion "ipv4"
    description "Drop WAN OUT LAN DNS 53"
    destination
        port "53"
21
    id "jQSodE"
    action "DROP"
    zoneIn "lan"
    zoneOut "wan"
    protocol
        0 "udp"
        1 "tcp"
    ipVersion "ipv4"
    description "Drop WAN OUT DNS TLS 853"
    destination
        port "853"
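
The export, edit and import approach suggested in the thread can be scripted. The Python below is an added example, not part of the original posts or of Alta Labs' tooling: it expands a list of subnets and a list of ports into one LAN-to-WAN DROP rule per pair, using only the field names visible in the exported rules above, and rejects mistyped subnets and ports. The unique six-character `id`, the sample subnets and ports, and the way the rule list is wrapped inside the export file are assumptions.

```python
import ipaddress
import itertools
import json
import secrets
import string

ID_CHARS = string.ascii_letters + string.digits


def new_id(used):
    # Assumption: "id" is an opaque 6-character token that only has to be unique.
    while True:
        rid = "".join(secrets.choice(ID_CHARS) for _ in range(6))
        if rid not in used:
            used.add(rid)
            return rid


def expand_drop_rules(subnets, ports, protocols, label, used_ids=None):
    """Return one LAN-to-WAN DROP rule per (subnet, port) pair."""
    used_ids = set() if used_ids is None else used_ids
    rules = []
    for subnet, port in itertools.product(subnets, ports):
        net = ipaddress.ip_network(subnet)  # ValueError on typos or host bits set
        if net.version != 4:
            raise ValueError(f"not an IPv4 subnet: {subnet}")
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"port out of range: {port}")
        rules.append({
            "id": new_id(used_ids),
            "action": "DROP",
            "zoneIn": "lan",
            "zoneOut": "wan",
            "protocol": list(protocols),
            "ipVersion": "ipv4",
            "source": {"address": str(net)},
            "destination": {"port": str(port)},
            "description": f"{label} {net} port {port}",
        })
    return rules


# Constructed sample lists: 4 subnets x 15 UDP ports = 60 rules.
SUBNETS = ["192.168.10.0/24", "192.168.20.0/24",
           "192.168.30.0/24", "192.168.40.0/24"]
UDP_PORTS = [69, 123, 137, 138, 161, 162, 500, 514,
             1900, 3478, 4500, 5060, 5353, 5355, 11211]

if __name__ == "__main__":
    rules = expand_drop_rules(SUBNETS, UDP_PORTS, ["udp"], "Drop WAN OUT")
    print(json.dumps(rules, indent=2))
```

Compare the generated objects against a fresh export from the router before importing, and pass the ids of existing rules in `used_ids` so new ones cannot collide with them.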