When configuring ACL (WiFi / Ethernet) on cnPilot (GUI or via cnMaestro) the default behavoir is:
- No rule in ACL → all packets are acceped/forwarded
- Rule(s) in ACL → all packets not matching on rule are blocked
The way this works is not comprehensible (at least for me). Also it can lead to problems when trying to set ACL on ethernet for the first time (all traffic gets blocked including to/from cloud).
Either keep the “not empty list default behavoir” and “empty list default behavoir” the same (all packets are acceped/forwarded, not matching any rule) or make the default behavoir configurable.
I guess most of us who uses these ACLs want to block certain (very specific) traffic, so in my opion the easiest solution is keeping default behavior the same on empty and not empty lists.
Thanks a lot!