firewall access control list implicit deny

Yesterday
Model: ER706W  
Hardware Version: V1
Firmware Version: 1.1.6 Build 20241211 Rel.58391(5553)

Hello,

I was under the impression that there would be an implicit deny at the end of the firewall access list, but my tests show that there is not. For example, I have set up a one-to-one NAT for an internal server and enabled DMZ forwarding. Immediately after I did this I used a port scan tool and confirmed *all* ports on this server were open to the Internet.

In order to open just one port I had to create two rules. The first rule allows Internet traffic to the one port I need and the second rule denies all other traffic.

With these two rules I am able to get my desired security config, but it also means that there is no implicit deny in the firewall for one-to-one NAT hosts? Does this make sense?


Thanks,

Re: firewall access control list implicit deny
7 hours ago

@tato386 Thanks for your post. Correct, you will need to make a manual deny rule to achieve your desired config, and then add allow rules with higher priority to control the traffic you want.

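To make the behaviour discussed in this thread concrete, here is an added example (not TP-Link code and not a model of the ER706W's actual rule engine) of an ordered, first-match access list. It assumes, as the original post reports, that a one-to-one NAT / DMZ host has no implicit deny, so an empty list leaves every port reachable; it then shows the allow-then-deny pair the poster used, the reversed order where the catch-all deny shadows the allow (the "higher priority" point in the reply), and two small audit checks a defender can run over a rule set: is there a catch-all deny for the host, and is any rule unreachable. The address and probe ports are constructed values.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class Rule:
    """One ACL entry. A field of None means 'any'."""
    action: str                     # "allow" or "deny"
    dst_host: Optional[str] = None  # destination host, None = any host
    dst_port: Optional[int] = None  # destination port, None = any port

    def matches(self, dst_host: str, dst_port: int) -> bool:
        return (self.dst_host in (None, dst_host)
                and self.dst_port in (None, dst_port))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self."""
        return (self.dst_host in (None, other.dst_host)
                and self.dst_port in (None, other.dst_port))


def evaluate(rules: Sequence[Rule], dst_host: str, dst_port: int,
             default: str = "allow") -> str:
    """First matching rule wins. If nothing matches, `default` applies.

    default="allow" models what the thread reports for a one-to-one NAT /
    DMZ host (no implicit deny); default="deny" models a classic
    implicit-deny firewall for comparison.
    """
    for rule in rules:
        if rule.matches(dst_host, dst_port):
            return rule.action
    return default


def open_ports(rules: Sequence[Rule], dst_host: str, ports: Sequence[int],
               default: str = "allow") -> List[int]:
    """Ports on dst_host that the rule set lets through (what a scan would see)."""
    return [p for p in ports
            if evaluate(rules, dst_host, p, default) == "allow"]


def has_catch_all_deny(rules: Sequence[Rule], dst_host: str) -> bool:
    """Audit check: is there an explicit deny-all-ports rule for this host?"""
    return any(r.action == "deny" and r.dst_port is None
               and r.dst_host in (None, dst_host) for r in rules)


def shadowed_rules(rules: Sequence[Rule]) -> List[int]:
    """Audit check: indices of rules that can never fire because an earlier
    rule already covers everything they would match (e.g. a deny-all placed
    above the allow it was meant to be an exception to)."""
    return [i for i, r in enumerate(rules)
            if any(earlier.covers(r) for earlier in rules[:i])]


def audit(rules: Sequence[Rule], dst_host: str, ports: Sequence[int]) -> dict:
    return {
        "open_ports": open_ports(rules, dst_host, ports),
        "catch_all_deny": has_catch_all_deny(rules, dst_host),
        "shadowed": shadowed_rules(rules),
    }


# Constructed sample data: the NAT target and the ports a scan would probe.
SERVER = "192.168.0.10"
PROBE = (22, 80, 443, 3389, 8080)

ACL_EMPTY: List[Rule] = []                                   # just NAT + DMZ, no rules
ACL_ALLOW_THEN_DENY = [Rule("allow", SERVER, 443), Rule("deny", SERVER)]
ACL_DENY_THEN_ALLOW = [Rule("deny", SERVER), Rule("allow", SERVER, 443)]

if __name__ == "__main__":
    for name, acl in (("empty", ACL_EMPTY),
                      ("allow-then-deny", ACL_ALLOW_THEN_DENY),
                      ("deny-then-allow", ACL_DENY_THEN_ALLOW)):
        print(f"{name:16} {audit(acl, SERVER, PROBE)}")
```

Running it shows the empty list exposing every probed port, the allow-then-deny pair exposing only 443, and the reversed order exposing nothing while the audit flags the allow rule as shadowed; the `default="deny"` parameter lets you rerun the same rule sets against an implicit-deny model to see how the results differ.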