firewall access control list implicit deny

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2025-10-09 20:31:57 - last edited 2025-10-13 07:14:41
Model: ER706W  
Hardware Version: V1
Firmware Version: 1.1.6 Build 20241211 Rel.58391(5553)

Hello,

I was under the impression that there would be an implicit deny at the end of the firewall access list, but my tests show that there is not. For example, I have set up a one-to-one NAT for an internal server and enabled DMZ forwarding. Immediately after I did this I used a port scan tool and confirmed *all* ports on this server were open to the Internet.

In order to open just one port I had to create two rules. The first rule allows Internet traffic to the one port I need and the second rule denies all other traffic.

With these two rules I am able to get my desired security config, but it also means that there is no implicit deny in the firewall for one-to-one NAT hosts? Does this make sense?

Thanks,

#1
1 Accepted Solution
Re:firewall access control list implicit deny-Solution
2025-10-10 16:39:32 - last edited 2025-10-13 07:14:41

@tato386 Thanks for your post. Correct, you will need to make a manual deny rule to achieve your desired config, and then add allow rules with higher priority to control the traffic you want.
#2
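The behaviour both posts describe (first matching rule wins, and with no explicit deny-all rule at the bottom the traffic falls through as allowed) can be checked with a small model. The following is an added example, not TP-Link or Omada code; it assumes a plain first-match evaluator whose default action for unmatched traffic is "allow", which is the assumption the original poster's port scan supports for the one-to-one NAT host on this firmware. Rule fields, port numbers and the "scan" list are constructed for illustration:

```python
# Added illustration (not TP-Link/Omada code): a minimal first-match ACL
# evaluator showing why a rule set with no implicit deny needs an explicit
# deny-all rule, and why the allow rules must sit above (before) it.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None matches any destination port


def matches(rule: Rule, proto: str, dst_port: int) -> bool:
    """True if the rule covers this protocol/port combination."""
    return rule.proto in ("any", proto) and rule.dst_port in (None, dst_port)


def evaluate(rules: List[Rule], proto: str, dst_port: int,
             default: str = "allow") -> str:
    """Return the action of the first matching rule, or `default` if none match.

    default="allow" is an assumption modelling what the thread reports: with
    no rule matching, traffic to the one-to-one NAT host was let through.
    """
    for rule in rules:
        if matches(rule, proto, dst_port):
            return rule.action
    return default


def open_ports(rules: List[Rule], ports: List[int],
               default: str = "allow") -> List[int]:
    """Simulate a TCP port scan: the ports the ACL would let through."""
    return [p for p in ports if evaluate(rules, "tcp", p, default) == "allow"]


def ends_with_deny_all(rules: List[Rule]) -> bool:
    """Sanity check a practitioner can run over a rule list: does it
    terminate in a catch-all deny, i.e. has the missing implicit deny
    been added by hand?"""
    if not rules:
        return False
    last = rules[-1]
    return last.action == "deny" and last.proto == "any" and last.dst_port is None


# Constructed sample "port scan" against the NAT host.
SCAN = [22, 80, 443, 3389]

ALLOW_HTTPS = Rule("allow", "tcp", 443)   # the one port we want exposed
DENY_ALL = Rule("deny", "any", None)      # the manual deny the reply calls for

if __name__ == "__main__":
    # 1. Only an allow rule and no implicit deny: every scanned port stays open.
    print("allow only:      ", open_ports([ALLOW_HTTPS], SCAN))
    # 2. Allow placed above an explicit deny-all: only 443 is reachable.
    print("allow, then deny:", open_ports([ALLOW_HTTPS, DENY_ALL], SCAN))
    # 3. Deny-all above the allow: first match wins, the allow never fires.
    print("deny, then allow:", open_ports([DENY_ALL, ALLOW_HTTPS], SCAN))
    print("rule list ends in deny-all:", ends_with_deny_all([ALLOW_HTTPS, DENY_ALL]))
```

Case 3 is the ordering mistake to watch for: the deny-all must be the last rule, with the specific allow rules at higher priority, otherwise the host is cut off entirely rather than restricted to the intended port.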