Author Topic: configuring the firewall for internal networks with permissions, not by denies  (Read 2300 times)

clockwork

  • Zen Apprentice
  • Posts: 10
  • Karma: +0/-0
Hi there,

I need help with the configuration, maybe I'm simply missing something ;)

I don't want every subnet to be able to go anywhere, so I turned the rule from accepting to denying anything. So far everything's fine, as I'm able to decide which net is able to go where on specified services...

The problem now is: between the subnets there's no problem, because I can simply add an object which contains the other IPs/subnets. But how am I able to simply set "the internet", as in not private ranges, as the target?! Normally on firewalls I can simply say the destination would be my WAN interface, not only IPs/ranges... Is there a way to do this?

Isn't it common to allow what's permitted? At the moment I can't see how to do this without doing it in the IMHO wrong way and forbidding everything I don't want the subnets to be able to do, just to get them at the end of the list to be able to get to the web by the allow-anything rule.

vshaulsk

  • Zen Samurai
  • Posts: 477
  • Karma: +9/-1
If I understand you ..... correct me if I am wrong ..... you are trying to create a rule which allows some internal subnet to reach the web.

If I am correct then you have to make the following rule.

Make sure under Network you have a service which is HTTP and includes ports 80 and 443 (or whatever your web port is).

Now in the Firewall section, in the rules to external networks, you make a rule which will allow an IP subnet or an object to reach the HTTP service.

In the firewall you can make log, allow and deny rules for the services you defined.
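The two things this thread turns on are (a) an "Internet" destination object for a GUI that only accepts IP ranges, and (b) a default-deny policy where a couple of allow rules let each subnet reach only the web. The script below is an added example, not code from the thread or from Zentyal: it computes the CIDR blocks that make up "everything except private space" (so you can paste them into a network object) and then evaluates a small first-match, default-deny rule list against a few packets. The exclusion list, the subnets 192.168.10.0/24 and 192.168.20.0/24, the test addresses and the `Rule`/`decide` helpers are all assumptions made for illustration; the TEST-NET ranges (192.0.2.0/24 etc.) are deliberately left in "public" space here and you may want to exclude them too.

```python
import ipaddress
from dataclasses import dataclass

# Address space that should NOT count as "the internet": RFC 1918 plus the
# usual loopback, link-local, CGNAT, multicast and reserved blocks. This
# list is an assumption; trim or extend it for your own network.
NON_INTERNET = [
    ipaddress.ip_network(n) for n in (
        "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
        "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
        "224.0.0.0/4", "240.0.0.0/4",
    )
]


def internet_cidrs(excluded=NON_INTERNET):
    """CIDR blocks covering 0.0.0.0/0 minus `excluded`, collapsed.

    These blocks are what goes into an "Internet" network object when the
    firewall GUI only takes IP ranges as destinations. CIDR blocks either
    nest or are disjoint, so each exclusion is a pure carve-out.
    """
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for ex in sorted(excluded):
        kept = []
        for block in remaining:
            if ex.subnet_of(block):
                # Punch the excluded range out of this block; yields nothing
                # when ex == block, i.e. the block disappears entirely.
                kept.extend(block.address_exclude(ex))
            elif block.subnet_of(ex):
                continue  # block lies inside an excluded range: drop it
            else:
                kept.append(block)  # disjoint: keep as-is
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


INTERNET = tuple(internet_cidrs())


def is_internet(ip):
    """True if `ip` is in public space as defined by NON_INTERNET."""
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in INTERNET)


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: ipaddress.IPv4Network  # source subnet
    dst: tuple                  # destination "object": tuple of networks
    ports: frozenset            # TCP ports; empty frozenset means any port


def decide(rules, src_ip, dst_ip, port, default="deny"):
    """First-match evaluation; anything unmatched hits the default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (src in r.src and any(dst in d for d in r.dst)
                and (not r.ports or port in r.ports)):
            return r.action
    return default


# Constructed example policy (hypothetical subnets, not from the thread).
LAN = ipaddress.ip_network("192.168.10.0/24")
GUESTS = ipaddress.ip_network("192.168.20.0/24")
HTTP = frozenset({80, 443})  # the "http" service from the reply above

POLICY = [
    Rule("allow", LAN, INTERNET, HTTP),              # LAN -> web only
    Rule("allow", GUESTS, INTERNET, HTTP),           # guests -> web only
    Rule("allow", LAN, (GUESTS,), frozenset({22})),  # LAN may SSH to guests
]


if __name__ == "__main__":
    for blk in INTERNET:
        print(blk)
    print(decide(POLICY, "192.168.20.5", "198.51.100.10", 443))  # allow
    print(decide(POLICY, "192.168.20.5", "192.168.10.7", 443))   # deny
```

Because the "Internet" object excludes every private block, the guest rule cannot be abused to reach the LAN on ports 80/443 and no trailing deny rules are needed; the only thing still permitted between subnets is what you list explicitly, and the default deny catches the rest. When you recreate this in a GUI, check the generated object against `internet_cidrs()` after every edit of the exclusion list, since a missing carve-out silently widens "the internet" to include an internal range.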