direction

direction

Direction of traffic.

Syntax

both | inbound | outbound
Description
Indicates whether the rule applies to incoming traffic, outgoing traffic, or both.

It is important to note that this parameter does not alter the behaviour of the source and destination IP address parameters. If a rule's source IP address corresponds to the local system, a value of 'inbound' would be a contradiction in terms, and the rule itself would be meaningless. The same holds true for a value of 'outbound' in a rule where the destination IP address corresponds to the local system; the rule would never apply to anything.

For instance, on a firewall whose local IP address is 10.4.3.2, the rule:

permit  0.0.0.0 0.0.0.0  10.4.3.2 0.0.0.0  all  any 0  any 0  both  both  outbound

is useless, since traffic whose final destination is the local system can by definition never be 'outbound'.

Consequently, this parameter only has practical use on a router, when the firewall system is neither the source nor the destination.

To avoid confusion, it is generally simplest for non-routing firewalls to set this parameter to 'both' for all rules.

---

[Back: routing]
[Next: log]