2.6.10. Firewall Rules Administrative Web Page

All rules are a combination of a source, a destination and a destination service. The exception is Port Forwarding; see Section 2.6.10.5 below.

2.6.10.1. Add a new Rule

In the first section you click one of the buttons to add a rule for the particular task.

Figure 2.60. Add a new rule

[Image: the Add a new rule section]

Source is a combination of interface(s) and address(es).

Destination is a combination of interface(s) and address(es).

Rules can be given Accept, Drop and Reject actions.

Logging is an option which can be enabled for each rule.

When Advanced mode is enabled, it is possible to add a Source Port to the rule.

When Advanced mode is enabled, it is also possible to add a timeframe when the rule is active.

2.6.10.2. Outgoing Traffic

Control traffic from internal networks to external (RED = Internet). If the policy is 'half-open' or 'closed', you need to create a rule for any traffic you want to allow.

2.6.10.3. IPCop Access

Control traffic from internal networks to IPCop. If the policy is 'closed', you need to create a rule for any IPCop service that you want to use (including services like DHCP, DNS, Time, etc.).

If you wanted to add a rule to avoid logging NetBIOS services on your Green network, you would add it in this section.

2.6.10.4. Internal Traffic

Control traffic between internal networks. For instance, create a pinhole between Orange and Green networks.

This button will only be visible if you have a Blue and/or an Orange interface.

2.6.10.5. Port Forwarding

Forward traffic from external (RED, Internet) to an internal network.

Port Forwards are special. The source interface is always Red. The destination is split into an 'intermediate' destination (the IPCop external address or an alias address) and a 'final' destination, the internal server that needs to be accessible from the outside.
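The intermediate/final split described above can be made concrete with a small model of the forwarding table. This is an added example and not IPCop's own code; the RED address, the alias address, the internal servers and the `Flow` / `PortForward` names are all constructed for the illustration. The `forward` function rewrites only traffic that arrived on RED and whose destination matches an enabled entry, and `exposed_services` lists which internal servers a review of the table would find reachable from the outside.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class PortForward:
    external_address: str   # intermediate destination: IPCop RED address or an alias
    external_port: int
    proto: str
    internal_address: str   # final destination: the internal server
    internal_port: int
    enabled: bool = True


@dataclass(frozen=True)
class Flow:
    """A constructed connection attempt: arrival interface, source, destination."""
    in_iface: str
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


# Constructed addresses: IPCop's RED address and one alias on the same interface.
RED_ADDRESS = "203.0.113.10"
RED_ALIAS = "203.0.113.11"

FORWARDS = [
    PortForward(RED_ADDRESS, 443, "tcp", "192.168.1.20", 8443),   # HTTPS to a GREEN web server
    PortForward(RED_ALIAS, 25, "tcp", "192.168.1.30", 25),        # SMTP via the alias address
    PortForward(RED_ADDRESS, 3389, "tcp", "192.168.1.40", 3389, enabled=False),  # disabled entry
]


def forward(forwards: List[PortForward], flow: Flow) -> Optional[Flow]:
    """Return the flow rewritten to its final destination, or None when no
    port forward applies. The source interface is always RED, so anything
    that did not arrive on RED is never forwarded."""
    if flow.in_iface != "RED":
        return None
    for pf in forwards:
        if (pf.enabled and pf.proto == flow.proto
                and pf.external_address == flow.dst and pf.external_port == flow.dport):
            return Flow(flow.in_iface, flow.src, pf.internal_address, pf.internal_port, flow.proto)
    return None


def exposed_services(forwards: List[PortForward]) -> Set[Tuple[str, int, str]]:
    """Internal (address, port, proto) triples reachable from RED via enabled forwards."""
    return {(pf.internal_address, pf.internal_port, pf.proto) for pf in forwards if pf.enabled}


if __name__ == "__main__":
    print(forward(FORWARDS, Flow("RED", "198.51.100.7", RED_ADDRESS, 443)))
    print(sorted(exposed_services(FORWARDS)))
```

Keeping the disabled entry in the table, as the web page does, is why `exposed_services` filters on `enabled`: a forward that is present but switched off exposes nothing.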

2.6.10.6. External IPCop Access

Control traffic from the Red interface to IPCop.

2.6.10.7. Current rules

Any rules you have created are listed in the second section.

In the example below, the DropNoLog Service Group we created earlier is applied to the Green and Blue Networks, and logging is turned off.

Figure 2.61. Example of a rule

[Image: clipping showing an example rule]

To enable or disable a rule, click on the checkbox in the Action column for that rule. The icon changes to an empty box when the rule is disabled; click on the checkbox again to toggle the setting.

To enable or disable logging for a rule, click on the Logging icon for that rule. An icon with a red cross indicates that logging is disabled; click on the icon again to toggle the setting.

To edit a rule click on its Yellow Pencil icon. The settings will be redisplayed on the input form. Make your changes and click the Save button on the form.

To copy a rule, click on the Two Yellow Pencils icon for the particular rule you want to copy. The settings will be displayed on the input form. Make your changes and click the Save button.

To delete a rule click on its Trash Can icon.

When you have more than one rule in a section, you can change the order of the rules by clicking on the Up or Down arrows in the Action column.
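The rule model of Section 2.6.10.1 (source interfaces and addresses, destination interfaces and addresses, service, Accept/Drop/Reject, logging, and the Advanced-mode source port and timeframe), the section policies of 2.6.10.2 and 2.6.10.3, and the enable/disable and ordering controls just described can be exercised together in one small simulation. This is an added example, not IPCop's code: the interface label "IPCOP" for the firewall itself, the addresses, the rule names and the `Packet` / `Rule` classes are constructed, and the policy handling is a simplification that only models what the text states ('open' accepts by default, 'half-open' and 'closed' need an explicit rule). The `SHADOWED` list shows why order matters: a logged REJECT placed above the unlogged DROP takes the match until the DROP rule is moved up.

```python
from dataclasses import dataclass, replace
from datetime import time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Constructed packet: arrival interface/address, destination interface/address, service."""
    src_iface: str
    src: str
    dst_iface: str
    dst: str
    proto: str
    dport: int
    sport: int = 0


@dataclass(frozen=True)
class Rule:
    name: str
    src_ifaces: frozenset          # e.g. frozenset({"GREEN", "BLUE"})
    src_net: str                   # an address or a network, e.g. "192.168.1.0/24"
    dst_ifaces: frozenset          # "IPCOP" is the hypothetical label for the firewall itself
    dst_net: str
    proto: str                     # destination service: protocol ...
    dport: int                     # ... and port
    action: str                    # "ACCEPT", "DROP" or "REJECT"
    log: bool = True
    enabled: bool = True
    sport: Optional[int] = None                  # Advanced mode: source port
    active: Optional[Tuple[time, time]] = None   # Advanced mode: timeframe when the rule is active

    def matches(self, pkt: Packet, now: time) -> bool:
        if not self.enabled:
            return False
        if pkt.src_iface not in self.src_ifaces or pkt.dst_iface not in self.dst_ifaces:
            return False
        if ip_address(pkt.src) not in ip_network(self.src_net, strict=False):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst_net, strict=False):
            return False
        if (pkt.proto, pkt.dport) != (self.proto, self.dport):
            return False
        if self.sport is not None and pkt.sport != self.sport:
            return False
        if self.active is not None and not (self.active[0] <= now <= self.active[1]):
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet, policy: str, now: time = time(12, 0)):
    """First enabled rule that matches wins, in list order. If nothing matches the
    section policy decides: 'open' accepts; 'half-open' and 'closed' both require an
    explicit rule, so unmatched traffic is dropped here (simplified, see lead-in).
    Returns (action, rule name or 'policy', whether the rule logs)."""
    for rule in rules:
        if rule.matches(pkt, now):
            return rule.action, rule.name, rule.log
    return ("ACCEPT" if policy == "open" else "DROP"), "policy", False


def move_up(rules: List[Rule], index: int) -> List[Rule]:
    """Copy of the list with rule `index` swapped above its predecessor (the Up arrow)."""
    out = list(rules)
    if 0 < index < len(out):
        out[index - 1], out[index] = out[index], out[index - 1]
    return out


def set_enabled(rules: List[Rule], index: int, enabled: bool) -> List[Rule]:
    """Copy of the list with one rule enabled or disabled (the Action checkbox)."""
    out = list(rules)
    out[index] = replace(out[index], enabled=enabled)
    return out


IPCOP_GREEN = "192.168.1.1"   # constructed: IPCop's own GREEN address
ANY = "0.0.0.0/0"
OFFICE_HOURS = (time(8, 0), time(18, 0))
AFTER_HOURS = time(22, 0)

RULES = [
    # Stand-in for the DropNoLog group in the text: NetBIOS name service from
    # GREEN and BLUE to IPCop is dropped and not logged.
    Rule("DropNoLog NetBIOS", frozenset({"GREEN", "BLUE"}), ANY,
         frozenset({"IPCOP"}), ANY, "udp", 137, "DROP", log=False),
    Rule("Allow DNS", frozenset({"GREEN"}), "192.168.1.0/24",
         frozenset({"IPCOP"}), IPCOP_GREEN, "udp", 53, "ACCEPT"),
    # Pinhole from ORANGE to a GREEN web server, office hours only.
    Rule("Orange to Green web", frozenset({"ORANGE"}), "10.0.0.0/24",
         frozenset({"GREEN"}), "192.168.1.20", "tcp", 80, "ACCEPT", active=OFFICE_HOURS),
]

# Same match as the DropNoLog rule but a logged REJECT, placed above it.
SHADOWED = [Rule("Reject NetBIOS logged", frozenset({"GREEN", "BLUE"}), ANY,
                 frozenset({"IPCOP"}), ANY, "udp", 137, "REJECT")] + RULES

if __name__ == "__main__":
    netbios = Packet("GREEN", "192.168.1.50", "IPCOP", IPCOP_GREEN, "udp", 137)
    print(evaluate(RULES, netbios, "closed"))                 # DROP by DropNoLog, unlogged
    print(evaluate(SHADOWED, netbios, "closed"))              # REJECT, logged: order matters
    print(evaluate(move_up(SHADOWED, 1), netbios, "closed"))  # DropNoLog first again
```

The `Time` service case in 2.6.10.3 falls out of the policy branch: with no rule for it, a 'closed' section drops the request while an 'open' one accepts it, which is exactly why a closed policy needs a rule per IPCop service you intend to use.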