Egress Rules not working as expected when deny

I want to deny all and only allow known networks

table inet firezone {
	chain forward {
		type filter hook forward priority filter; policy accept;
		ip daddr accept
		ip daddr drop

but this isn’t working, I am not able to connect to any of the IPs in the allowed network.

Hm, likely a rule priority issue. We’ll have to expose a priority for allow/deny rules so that it’s clear which take precedence.

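The ordering question raised in the reply, as an added example that is not part of the original thread or Firezone's own code: a small model of how a single nftables chain picks a verdict (first matching rule wins, otherwise the chain policy), plus a check for rules that can never fire. The networks and the helper names `evaluate` and `shadowed` are constructed for illustration, since the addresses in the posted ruleset are elided.

```python
import ipaddress

# Constructed sample values; the addresses in the original post are elided.
ALLOWED_NET = "10.20.0.0/16"
EVERYTHING = "0.0.0.0/0"

ALLOW_FIRST = [(ALLOWED_NET, "accept"), (EVERYTHING, "drop")]
DENY_FIRST = [(EVERYTHING, "drop"), (ALLOWED_NET, "accept")]


def evaluate(rules, daddr, policy="accept"):
    """Walk one chain top to bottom, as nftables does.

    The first rule whose destination match succeeds ends evaluation of
    this chain with its verdict. If no rule matches, the chain policy
    applies. (In real nftables, 'accept' only ends this base chain and
    later chains on the same hook still see the packet; 'drop' is final.)
    """
    dst = ipaddress.ip_address(daddr)
    for net, verdict in rules:
        if dst in ipaddress.ip_network(net):
            return verdict
    return policy


def shadowed(rules):
    """Return rules that can never fire because an earlier rule already
    matches their entire destination range (IPv4-only in this sketch)."""
    dead = []
    for i, (net, verdict) in enumerate(rules):
        current = ipaddress.ip_network(net)
        for prev_net, _ in rules[:i]:
            if current.subnet_of(ipaddress.ip_network(prev_net)):
                dead.append((net, verdict))
                break
    return dead


if __name__ == "__main__":
    for name, rules in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        print(name)
        for dst in ("10.20.3.4", "198.51.100.7"):
            print(f"  daddr {dst}: {evaluate(rules, dst)}")
        print(f"  never-matching rules: {shadowed(rules)}")
```

Running `shadowed` over an exported rule list is a quick way to spot an allow rule that sits behind a broader deny.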