2.6.2. What traffic is allowed between Interfaces?
Prev  2.6. Firewall Menu  Next

2.6.2. What traffic is allowed between Interfaces?

The security model of IPCop is that the GREEN network is fully trusted and any requests from this network, whether initiated by a user or by a machine infected with a virus, Trojan horse or other malware is legitimate and allowed by IPCop.

A new feature of IPCop 2.0.0, allows to set policies for each network interface. This makes it possible to allow only specific traffic to RED and IPCop.

The order of trustworthiness of networks in order of increasing trust is:

RED→ORANGE→BLUE→GREEN

Following tables list behaviour of traffic between interfaces and to IPCop depending on configured policy and the rule type required to allow (or disallow) traffic.

Table 2.1. GREEN

Source Policy Destination   Rule Type
GREEN Open IPCop Open for known Services IPCop Access
GREEN Open RED Open Outgoing
GREEN Open ORANGE Open Internal
GREEN Open BLUE Open Internal
GREEN Half-Open IPCop Open for known Services IPCop Access
GREEN Half-Open RED Closed Outgoing
GREEN Half-Open ORANGE Closed Internal
GREEN Half-Open BLUE Closed Internal
GREEN Closed IPCop Closed IPCop Access
GREEN Closed RED Closed Outgoing
GREEN Closed ORANGE Closed Internal
GREEN Closed BLUE Closed Internal

IPsec and OpenVPN interfaces are equal to GREEN and behave the same.

Table 2.2. RED

Source Policy Destination   Rule Type
RED Closed IPCop Closed External Access
RED Closed GREEN Closed Port Forwarding
RED Closed ORANGE Closed Port Forwarding
RED Closed BLUE Closed Port Forwarding

Table 2.3. BLUE

Source Policy Destination   Rule Type
BLUE Open GREEN Closed Internal
BLUE Open IPCop Open for known Services IPCop Access
BLUE Open RED Open Outgoing
BLUE Open ORANGE Open Internal
BLUE Half-Open GREEN Closed Internal
BLUE Half-Open IPCop Open for known Services IPCop Access
BLUE Half-Open RED Closed Outgoing
BLUE Half-Open ORANGE Closed Internal
BLUE Closed GREEN Closed Internal
BLUE Closed IPCop Closed IPCop Access
BLUE Closed RED Closed Outgoing
BLUE Closed ORANGE Closed Internal

Table 2.4. ORANGE

Source Policy Destination   Rule Type
ORANGE Open GREEN Closed Internal
ORANGE Open IPCop Closed -
ORANGE Open RED Open Outgoing
ORANGE Open BLUE Closed Internal
ORANGE Closed GREEN Closed Internal
ORANGE Closed IPCop Closed -
ORANGE Closed RED Closed Outgoing
ORANGE Closed BLUE Closed Internal

Prev  Up  Next
2.6.1. Changes in v2.0  Home  2.6.3. Firewall Settings Administrative Web Page