Feature Request - !ip_group (NOT ip group) support on switch ACLs ?
2025-08-18 07:34:37 - last edited 2025-08-18 07:36:34

I'm not sure if it's possible, but it would allow a great deal of flexibility and potentially release some room on the limited IP_Groups we can make if, like on recent Gateway firmware, we could have NOT-IP_GROUP and NOT_IP_PORT_GROUP support on switch ACLs.

 

It would greatly help end users with the rule/port count restrictions on switch rules as well.

 

E.g.

If I want a switch rule blocking all my LANs except one network, 192.168.10.0/24, to something, I could make a rule like

 

[NOT] 192.168.10.0 > Some_Device

 

rather than having to list them all as sources separately, or trying to supernet them into groups to reduce rule count as much as possible.

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x3, ES208G x1, EAP650 x6 Remote: ER7206 v2 x1, ER605 v2 x3, SG2008P x2, EAP650 x2, ES205G x1 Controller: OC300
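
The supernetting workaround described in the post, as an added example (not part of the original post and not Omada tooling): it computes the shortest list of source CIDR blocks that covers every LAN except the exempt one, which is what a single negated source would replace. The LAN list and the function name `positive_sources` are constructed for illustration.

```python
import ipaddress

def positive_sources(lans, exempt):
    """CIDR blocks a rule must list as sources to cover every LAN
    except `exempt` (what a single [NOT] source would replace)."""
    exempt_net = ipaddress.ip_network(exempt)
    remaining = []
    for cidr in lans:
        net = ipaddress.ip_network(cidr)
        if net.subnet_of(exempt_net):
            continue  # the exempt LAN itself (or a part of it)
        if exempt_net.subnet_of(net):
            # exempt LAN sits inside a supernet: split the supernet around it
            remaining.extend(net.address_exclude(exempt_net))
        else:
            remaining.append(net)
    # merge adjacent blocks so the source list is as short as possible
    merged = list(ipaddress.collapse_addresses(remaining))
    # safety check: no listed source may overlap the exempt LAN
    if any(n.overlaps(exempt_net) for n in merged):
        raise ValueError("source list would match the exempt network")
    return merged

# Constructed sample data: hypothetical LANs, 192.168.10.0/24 exempt as in the post
LANS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24",
        "192.168.10.0/24", "192.168.11.0/24", "192.168.20.0/24",
        "192.168.30.0/24"]
EXEMPT = "192.168.10.0/24"

if __name__ == "__main__":
    cases = (("per-LAN list", LANS), ("one supernet", ["192.168.0.0/16"]))
    for label, lans in cases:
        blocks = positive_sources(lans, EXEMPT)
        print(f"{label}: {len(blocks)} source entries instead of 1 negated entry")
        for block in blocks:
            print("   ", block)
```

Any block that has to be split around the exempt /24 is where a positive-only source list becomes easy to get wrong, so the overlap check is worth keeping when such lists are maintained by hand.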