Egress Rules not working as expected when deny 0.0.0.0/0

I want to deny all and only allow known networks

table inet firezone {
	chain forward {
		type filter hook forward priority filter; policy accept;
		ip daddr 10.140.0.0/16 accept
		ip daddr 0.0.0.0/0 drop
	}
}

but this isn’t working; I am not able to connect to any IP in the allowed network.
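Added example (not from the original post or from Firezone): a small simulator of nftables first-match evaluation over the chain above, to show why rule order inside a chain decides precedence. Within one chain, rules are checked top to bottom, the first matching rule's verdict wins, and the chain policy applies only when nothing matched; the `POSTED_CHAIN` and `SHADOWED_CHAIN` strings are constructed samples.

```python
import ipaddress

# The forward chain from the post above, embedded as a constructed sample string.
POSTED_CHAIN = """
table inet firezone {
    chain forward {
        type filter hook forward priority filter; policy accept;
        ip daddr 10.140.0.0/16 accept
        ip daddr 0.0.0.0/0 drop
    }
}
"""

# Same two rules with the catch-all drop listed first (constructed for comparison).
SHADOWED_CHAIN = POSTED_CHAIN.replace(
    "ip daddr 10.140.0.0/16 accept\n        ip daddr 0.0.0.0/0 drop",
    "ip daddr 0.0.0.0/0 drop\n        ip daddr 10.140.0.0/16 accept",
)


def parse_chain(text):
    """Return (policy, [(network, verdict), ...]) for the single chain in text.
    Only the chain policy and the 'ip daddr <cidr> <verdict>' rule form are understood."""
    policy = "accept"
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("type ") and "policy" in line:
            policy = line.split("policy", 1)[1].strip(" ;")
        elif line.startswith("ip daddr "):
            _, _, cidr, verdict = line.split()
            rules.append((ipaddress.ip_network(cidr), verdict))
    return policy, rules


def first_match(text, dst):
    """Simulate first-match evaluation for destination dst.
    Returns (rule_index, verdict); rule_index is None when the chain policy applied."""
    policy, rules = parse_chain(text)
    addr = ipaddress.ip_address(dst)
    for index, (net, verdict) in enumerate(rules):
        if addr in net:
            return index, verdict
    return None, policy


def verdict(text, dst):
    """Convenience wrapper returning only the verdict for dst."""
    return first_match(text, dst)[1]


if __name__ == "__main__":
    for dst in ("10.140.5.1", "8.8.8.8"):
        print(dst, "posted order ->", verdict(POSTED_CHAIN, dst),
              "| drop first ->", verdict(SHADOWED_CHAIN, dst))
```

On a live host the equivalent check is to add `counter` to each rule and re-list the chain with `nft list ruleset`, which shows which rule the packets actually hit.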

Hm, likely a rule priority issue. We’ll have to expose a priority for allow/deny rules so that it’s clear which take precedence.
