Here is the entire expanded ruleset:
Code:
Accept from whatsinaname
# Prevent Internet sites from requesting LAN resources.
Accept from LOCAL
I'm not sure about the 1st deny. I haven't seen anywhere explicitly that new lines are the separators for rules in a rule set. Also, since this is so limited in scope, I'm not sure how I could test it.
I hope NSLOOKUP's output will work. If you need me to run it with more options, I'll be glad to.
I've redacted the IPv6 info above with variables; I don't want to post my actual IP. I'm only vaguely familiar with nslookup, so I'm not exactly sure what it means when it says the server is "homeportal" (I suspect it's my router). Since it's just a disk station on my LAN, I would hope it's not going outside my network.
As far as what sort of trouble I'm having, I don't understand why it's hitting the deny (in the original example). When I'm thinking through the rules, I don't understand logically why what is happening is happening. There is a LOCAL address, so it applies the LOCAL site filter, which then Accepts from LOCAL (except it doesn't?). There is some underlying complexity being masked by this abstraction. In any case, I don't understand how it's possible for the Site Predicate for local to be true while the Action Predicate is false. Maybe I'm just not getting exactly what LOCAL is.