7 comments

Add a comment…

Sign in

prestine

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

• 
• 

UserVoice password

Forgot password?

Create a password

Your name

I agree to the terms of service

Signed in as (Sign out)

Close

Close

Post comment Submitting...

• SW commented  ·  March 5, 2013 7:47 a.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  Would also be great for QoS. Give garanteed bandwith to everything except...

• Akos Szalkai commented  ·  February 21, 2011 8:40 a.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  Oliver, I totally agree with you, and there is already a request about this: http://feature.astaro.com/forums/17359-astaro-security-gateway-feature-requests/suggestions/182157-network-security-logical-not-support-for-packet

• Oliver Hamel commented  ·  February 10, 2011 1:46 a.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  Another example:
  If i am able to negate i can match every public IP by putting the 3 RFC 1918 networks in a group and negate this group in the accordant firewall policy line (!RFC1918).

  And one more:
  I want to match every network outside of my internal.
  Just a negated group with my internal networks inside (!group_internal_networks).

• Akos Szalkai commented  ·  June 25, 2010 7:22 a.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  Frank, I totally agree with you, and there is already a request about it: http://feature.astaro.com/forums/17359-astaro-gateway-feature-requests/suggestions/182157-packet-filter-rules-with-logical-not-entry

• Oxiel Contreras commented  ·  August 28, 2009 2:09 p.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  It will ease the configuration quite a lot, please implement it ....

• Akos Szalkai commented  ·  May 27, 2009 6:46 a.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  Actually, not packet filter rules, but objects (definitions) with the possibility of negation. Also, groups containing negated objects. They would be extremely useful in NAT rules as well.

• Tim Cronin commented  ·  May 5, 2009 8:57 a.m.  ·  Flag as inappropriateFlag as inappropriate  ·  Delete

  This would help clear up the packet filter list. As it is right now, you would need two packet filter rules to accomplish the role of this single rule.

  Drawback: some end-users may find this confusing at first and it may cause inadvertent attack vectors (as with a lot of config).