I added a rich rule to block connections to a DNS server in order to test another process, and the packet captures show that packets sent by the IP address specified in the rich rule below are still accepted.
block
  interfaces:
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
dmz
  interfaces:
  sources:
  services: ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
drop
  interfaces:
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
external
  interfaces:
  sources:
  services: ssh
  ports:
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:
home
  interfaces:
  sources:
  services: dhcpv6-client ipp-client samba-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
internal
  interfaces:
  sources:
  services: dhcpv6-client ipp-client samba-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
public (default, active)
  interfaces: eno16780032
  sources:
  services: dhcpv6-client samba ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source address="10.7.6.11/32" drop
trusted
  interfaces:
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
work
  interfaces:
  sources:
  services: dhcpv6-client ipp-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
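As an added example (not part of the question), here is a small parser for the `firewall-cmd --list-all-zones` output above that reports, for a given IP, every rich rule of an active zone whose address clause covers it and whether that clause is `source` or `destination`; a `source address` clause matches packets arriving from that host, so it is worth confirming that is the direction you meant to block. The sample listing is constructed and abridged, and the rule in the `work` zone is made up.

```python
import ipaddress
import re
from dataclasses import dataclass, field
# Constructed sample of `firewall-cmd --list-all-zones` output (abridged; the 'work' rule is made up).
SAMPLE = """\
public (default, active)
  interfaces: eno16780032
  services: dhcpv6-client samba ssh
  rich rules:
\trule family="ipv4" source address="10.7.6.11/32" drop
work
  services: dhcpv6-client ipp-client ssh
  rich rules:
\trule family="ipv4" source address="10.7.0.0/16" reject
"""
ZONE_RE = re.compile(r'^([\w-]+)(?:\s+\(([^)]*)\))?$')            # 'public (default, active)'
ADDR_RE = re.compile(r'\b(source|destination) address="([^"]+)"')  # address clause of a rich rule
@dataclass
class Zone:
    name: str
    active: bool = False
    fields: dict = field(default_factory=dict)       # 'interfaces', 'services', ... -> token list
    rich_rules: list = field(default_factory=list)

def parse_zones(text):
    """Parse --list-all-zones output into Zone objects; rich rules are kept verbatim."""
    zones, cur = [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("rule "):                           # rich-rule line under the current zone
            cur.rich_rules.append(line)
        elif ":" not in line and (m := ZONE_RE.match(line)):   # zone header, optionally with flags
            cur = Zone(m.group(1), active="active" in (m.group(2) or "").split(", "))
            zones.append(cur)
        else:                                                  # 'key: value value ...' field line
            key, _, value = line.partition(":")
            cur.fields[key.strip()] = value.split()
    return zones

def rules_matching(zones, address):
    """(zone, clause, action) for every rich rule of an *active* zone whose address clause
    covers `address`; clause 'source' means the rule matches packets arriving from that host."""
    ip = ipaddress.ip_address(address)
    hits = []
    for zone in (z for z in zones if z.active):
        for rule in zone.rich_rules:
            m = ADDR_RE.search(rule)
            if m and ip in ipaddress.ip_network(m.group(2), strict=False):
                hits.append((zone.name, m.group(1), rule.split()[-1]))   # last token is the action
    return hits

if __name__ == "__main__":
    print(rules_matching(parse_zones(SAMPLE), "10.7.6.11"))  # [('public', 'source', 'drop')]
```

Feed it the real output of `firewall-cmd --list-all-zones` instead of `SAMPLE` to check your own zones.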