!dest_port with src_mac ipset #73

@brianjmurrell

I have the following in my firewall4 config:

config ipset
	option family 'ipv6'
	list match 'src_mac'
	list entry 'fc:aa:14:6c:51:ab'

config ipset
	option family 'ipv6'
	list match 'src_mac'
	list entry ...
...
	option maxelem '100'
	option counters '1'
	option comment 'Hosts that can freely use the Internet'
	option name 'FFA-to-Internet_v6'

config rule
	option ipset 'FFA-to-Internet_v6'
	option src 'lan'
	option dest 'wan'
	option dest_port '!25'
	option target 'ACCEPT'
	option family 'any'
	list proto 'all'

That does not exclude port 25 from the ports that the hosts in the ipset are allowed to use. It's effectively ignored.
