Outgoing Rules
Rules are checked from top to bottom, stopping after the first match. They can match:
- By address: 192.168.0.1
- By network: 192.168.0.1/24
- By network scope: Localhost, LAN or Internet
- By domain:
- Matching a distinct domain: example.com
- Matching a domain with subdomains: .example.com
- Matching with a wildcard prefix: *xample.com
- Matching with a wildcard suffix: example.*
- Matching domains containing text: *example*
- By country (based on IP): US (two-letter country codes according to ISO 3166-1 alpha-2)
- By AS number: AS123456
- By filter list - use the filterlist ID prefixed with L:: L:MAL
- Match anything: *
Additionally, you may supply a protocol and port using this format: <host> <IP protocol>/<port>.
Protocols and ports may be specified using numbers (6/80) or names (TCP/HTTP).
Port ranges are defined by using a hyphen (TCP/1-1024). Omit the port to match any.
Use a * for matching any protocol. If matching ports with any protocol, protocols without ports will not match.
Rules with protocol and port definitions only match if the protocol and port also match.
Ports are always compared to the destination port, thus, the local listening port for incoming connections.
Examples:
- 192.168.0.1 TCP/HTTP
- LAN UDP/50000-55000
- example.com */HTTPS
- 1.1.1.1 ICMP
Important: DNS Requests are only matched against domain and filter list rules, all others require an IP address and are checked only with the following IP connection.