My rules of thumb for traffic flow rules.
a. For traffic to or from a single subnet USE: SRC or DST address x.x.x.0/24
b. For traffic to or from two or more whole subnets USE: interface lists
c. For traffic to or from remote subnets (not known to the router) USE: firewall address lists
d. For traffic to or from a group of users (less than a subnet or from various subnets) WITH OR WITHOUT other whole subnets USE: firewall address lists
An exception to b is that the management interface list entry may contain only one subnet (interface list used in neighbour discovery and in mac-server mac-winbox)
Statistics: Posted by anav — Sun Mar 10, 2024 6:38 pm
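The rules of thumb above written out as RouterOS configuration, as an added example that is not part of the original post. All interface names, list names, addresses and the WinBox port rule are constructed assumptions chosen for illustration.

```routeros
# Constructed example: interface names (ether1, vlan10, vlan20, vlan99),
# list names and all addresses are assumptions, not values from the post.

/interface list
add name=WAN
add name=LAN
add name=MGMT
/interface list member
add list=WAN interface=ether1
# (b) two or more whole subnets are grouped by their interfaces
add list=LAN interface=vlan10
add list=LAN interface=vlan20
# exception to (b): the management list holds a single subnet's interface
add list=MGMT interface=vlan99

/ip firewall address-list
# (c) remote subnet the router has no interface for (e.g. behind a tunnel)
add list=remote-sites address=10.50.0.0/24
# (d) a few users from various subnets, plus one whole subnet
add list=admins address=192.168.10.5
add list=admins address=192.168.20.7
add list=admins address=192.168.99.0/24

/ip firewall filter
# (a) single subnet: match the address directly
add chain=forward action=accept src-address=192.168.10.0/24 \
    dst-address=192.168.20.10 comment="a: one subnet to one host"
# (b) whole subnets: match on the interface list
add chain=forward action=accept in-interface-list=LAN \
    out-interface-list=WAN comment="b: all LAN subnets to internet"
# (c) remote subnets: match on a firewall address list
add chain=forward action=accept src-address-list=remote-sites \
    dst-address=192.168.20.0/24 comment="c: remote site to servers"
# (d) mixed group of users: match on a firewall address list
add chain=input action=accept src-address-list=admins protocol=tcp \
    dst-port=8291 comment="d: admins to WinBox"

# Management list reused for neighbour discovery and MAC access
/ip neighbor discovery-settings set discover-interface-list=MGMT
/tool mac-server set allowed-interface-list=MGMT
/tool mac-server mac-winbox set allowed-interface-list=MGMT
```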