I want to define two network zones
on the one hand [LOCAL] with several subnets
192.168.001.001 / 255.255.255.000
192.168.002.001 / 255.255.255.000
on the other hand [VPN] with several subnets
Depending on these two zones I control various accesses of applications
If I am not in VPN, the apps set for this are allowed to access the internet.
If I am connected via VPN, the apps set for this are allowed to access the Internet.
The configuration of [LOCAL] is no problem and works.
I can only get the configuration of [VPN] working in a very cumbersome way.
I want to exclude the following from all networks 0.0.0.0 / 24 to 255.255.255.255 / 24:
- 192.168.001.001 / 24
- 192.168.002.001 / 24
- 169.254.001.001 / 24
- 127.000.000.001 / 24
Theoretically this would be quite simple if you enter the 4 subnets in the zone [VPN] and flag them as exclude.
However, this does not seem to work, because with this configuration VPN networks are now also recognized as Local.
Therefore, I suspect that as soon as the first rule hits, all other rules are skipped.
So the subnets of a zone seem to be linked by an OR operator instead of an AND operator? Can I change this anyway?
If I configure the single subnets:
- 0.0.0.0 to 126.255.255.255
[127.000.000.000]
- 127.000.001.000 to 169.253.255.255
[169.254.000.000]
- 169.255.000.000 to 192.167.255.255
[192.168.001.000 - 192.168.002.000]
- 192.168.003.000 to 255.255.255.255
This ends up being 16 subnet entries in the zone. Basically the configuration seems to work. But it is very cumbersome.
Now I have to add two new subnets and have to adjust the subnet configuration, which will lead to even more rule chaos.
Can anyone explain how to do this easier and better?
I could not find anything in the documentation, help or forum.
Comodo Firewall 12.2.2.7098
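
The range list described in the post can be generated instead of maintained by hand. The following Python script is an added example, not part of the original post and not a Comodo feature: it takes the four /24 subnets listed above and computes the address ranges that cover everything else, so adding a subnet means re-running it. The function names are hypothetical, and reading the zero-padded octets as decimal is an assumption.

```python
import ipaddress

# The four subnets from the post, in its zero-padded notation.
EXCLUDED = ["192.168.001.001 / 24", "192.168.002.001 / 24",
            "169.254.001.001 / 24", "127.000.000.001 / 24"]

def parse_padded(text):
    """Parse 'a.b.c.d / len'; octets are read as decimal (assumption), host bits dropped."""
    addr, _, plen = text.replace(" ", "").partition("/")
    octets = [int(o, 10) for o in addr.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {text!r}")
    dotted = ".".join(map(str, octets))
    return ipaddress.IPv4Network(f"{dotted}/{plen or 32}", strict=False)

def allowed_ranges(excluded):
    """Return (first, last) address pairs covering all of IPv4 except `excluded`."""
    ranges, cursor = [], 0          # cursor = lowest address not yet handled
    for net in sorted(ipaddress.collapse_addresses(excluded)):
        start, end = int(net.network_address), int(net.broadcast_address)
        if start > cursor:          # gap before this excluded block
            ranges.append((cursor, start - 1))
        cursor = max(cursor, end + 1)
    if cursor <= 0xFFFFFFFF:        # tail after the last excluded block
        ranges.append((cursor, 0xFFFFFFFF))
    return [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)) for a, b in ranges]

def as_cidr(ranges):
    """The same address space as CIDR blocks, for tools that do not take ranges."""
    return [n for a, b in ranges for n in ipaddress.summarize_address_range(a, b)]

if __name__ == "__main__":
    nets = [parse_padded(t) for t in EXCLUDED]
    ranges = allowed_ranges(nets)
    for first, last in ranges:
        print(f"{first} to {last}")
    print(len(as_cidr(ranges)), "CIDR blocks cover the same space")
```

Entering ranges keeps the list short; the same address space written as address/mask entries needs far more lines.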