In the detailed view it is possible to create or edit the firewall rules. The following settings are available:
• Activate rule: Mark or unmark this checkbox to activate or deactivate the rule.
• Source address: Enter a Host/Net alias or a Host/Net group, or choose CUSTOM and enter an IP address or a network address in the text field. The rule matches if the packet comes from this IP address or network. If the source address is irrelevant for this rule, choose the option ANY from the selection field. To match all addresses except the chosen one, mark the checkbox "except" beside the text field.
• Destination address: Enter a Host/Net alias or a Host/Net group, or choose CUSTOM and enter an IP address or a network address in the text field. The rule matches if the packet has the chosen IP address, or an IP address within the chosen network, as its destination address. If the destination address is irrelevant for this rule, choose the option ANY from the selection field. To match all addresses except the chosen one, mark the checkbox "except" beside the text field.
• Service: Service (protocol and port) of the packet. Services can be defined freely and can contain more than one protocol and port. Services are defined in the module Network. If you select ANY, this option is not used when checking the packet. If you select CUSTOM, additional fields are displayed to select the protocol and, in the case of TCP or UDP, the ports.
• Status: Checks whether the packet is a SYN or an ACK packet, depending on the state of the connection.
• Action: Action to be executed if the packet matches the rule. Possible values are ACCEPT, DROP, LOG, REJECT, or NONE.
• Comment: Describes the rule.
• Activate monitoring: Activates monitoring for the current rule. If activated, the traffic matching this rule is monitored and can be displayed graphically. Enter an identifier to select the rule in the module Monitoring.
• Create a monitoring rule for every IP address in the source: If you entered a network address in the source address field, mark this checkbox to create a monitoring rule for each IP address within that network segment.
• Create a monitoring rule for every IP address in the destination: If you entered a network address in the destination address field, mark this checkbox to create a monitoring rule for each IP address within that network segment.
ATTENTION: If you want to monitor the whole traffic for the net 192.168.0.0/24, you must create monitoring rules in both directions (int -> ext and ext -> int).
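The address semantics above (ANY, a CUSTOM address or network, the "except" checkbox) and the per-IP monitoring expansion in both directions can be illustrated with a small model. This is an added example, not code from the firewall product described on this page; the rule dictionary layout, the `AddressSpec` class, the `int->ext` / `ext->int` labels and the decision to expand only host addresses of the network (excluding network and broadcast address) are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AddressSpec:
    """One address field of a rule: 'ANY', or a CUSTOM host/network string.

    `negate` mirrors the "except" checkbox beside the text field (assumed name).
    """
    value: str
    negate: bool = False

    def matches(self, ip: str) -> bool:
        # ANY disables the check entirely; "except" on ANY would match nothing,
        # so the GUI semantics are modelled as: ANY always matches.
        if self.value.upper() == "ANY":
            return True
        net = ipaddress.ip_network(self.value, strict=False)  # host or CIDR
        hit = ipaddress.ip_address(ip) in net
        return hit != self.negate  # invert the result when "except" is set


def expand_monitoring_rules(network: str, identifier: str, per_ip: bool):
    """Monitoring rules for one direction of traffic.

    With per_ip=False a single rule covers the whole network; with per_ip=True
    one rule per host address is created (assumption: hosts() excludes the
    network and broadcast addresses of the /24).
    """
    net = ipaddress.ip_network(network, strict=False)
    if not per_ip:
        return [{"id": identifier, "address": str(net)}]
    return [{"id": f"{identifier}-{ip}", "address": str(ip)} for ip in net.hosts()]


def monitoring_rules_both_directions(network: str, identifier: str, per_ip: bool = True):
    """Per the ATTENTION note: the network must appear once as source (int->ext)
    and once as destination (ext->int) to see the whole traffic."""
    rules = []
    for direction, field in (("int->ext", "src"), ("ext->int", "dst")):
        for r in expand_monitoring_rules(network, f"{identifier}-{direction}", per_ip):
            rules.append({"direction": direction, field: r["address"],
                          "other": "ANY", "id": r["id"]})
    return rules


if __name__ == "__main__":
    lan = AddressSpec("192.168.0.0/24")
    print(lan.matches("192.168.0.17"))                       # True
    print(AddressSpec("192.168.0.0/24", negate=True).matches("192.168.0.17"))  # False
    print(len(monitoring_rules_both_directions("192.168.0.0/24", "lan")))      # 508
```

The count of 508 (254 hosts in each direction) shows why the "every IP address" checkboxes should be enabled deliberately: each expanded host rule is a separate entry the monitoring module has to track.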
The following fields can only be configured if you choose a specific protocol:
• Choosing CUSTOM for services and TCP or UDP for protocols:
• Source port: Choose a source port. If the packet comes from the selected port, the remaining options of this rule are checked. If you do not specify a source port, this option is ignored when checking the packet. You can either choose a single port from 1 to 65535 or a range of ports. A range is declared as a start port and an end port separated by a colon (e.g. 2400:2600 means all ports from 2400 to 2600). Optionally you can choose all ports up to or from a certain port: a colon followed by a port number means all ports up to that number, and a port number followed by a colon means all ports from that number upward (e.g. :500 means all ports from 1 to 500; 500: means all ports from 500 to 65535).
• Destination port: Enter a port in the text field Destination port. If the packet arrives at the selected port, this rule matches and all options are checked. Entries in this text field work like those in the field Source port.
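The port syntax described for the Source port and Destination port fields (single port, start:end, :end, start:) is small enough to validate explicitly, which is useful when rules are generated or reviewed outside the GUI. The parser below is an added example and not the product's own implementation; it assumes that an empty field means "ignore this option", that a bare colon with no numbers is rejected as ambiguous, and that ports outside 1 to 65535 or a start port above the end port are configuration errors.

```python
import re
from typing import Optional, Tuple

PORT_MIN, PORT_MAX = 1, 65535

# Either "start:end" with either side optional, or a single port number.
_PORT_SPEC = re.compile(r"(\d*):(\d*)|(\d+)")


def parse_port_spec(spec: str) -> Optional[Tuple[int, int]]:
    """Translate a port field into an inclusive (low, high) range.

    Returns None for an empty field (the option is not checked at all).
    Raises ValueError for syntax that the field format does not allow.
    """
    spec = spec.strip()
    if not spec:
        return None
    m = _PORT_SPEC.fullmatch(spec)
    if m is None:
        raise ValueError(f"invalid port specification: {spec!r}")
    if m.group(3) is not None:                 # single port, e.g. "22"
        low = high = int(m.group(3))
    else:                                      # range forms
        start, end = m.group(1), m.group(2)
        if not start and not end:              # ":" alone: reject (assumption)
            raise ValueError("range needs at least one port number")
        low = int(start) if start else PORT_MIN    # ":500"  -> 1..500
        high = int(end) if end else PORT_MAX       # "500:"  -> 500..65535
    if not (PORT_MIN <= low <= high <= PORT_MAX):
        raise ValueError(f"port range {low}:{high} outside {PORT_MIN}-{PORT_MAX} or reversed")
    return (low, high)


def is_valid_port_spec(spec: str) -> bool:
    """Convenience check for configuration review: True if the field parses."""
    try:
        parse_port_spec(spec)
        return True
    except ValueError:
        return False


def port_matches(spec: str, port: int) -> bool:
    """Apply the field to a packet's port the way the rule check would."""
    rng = parse_port_spec(spec)
    return rng is None or rng[0] <= port <= rng[1]


if __name__ == "__main__":
    for s in ("2400:2600", ":500", "500:", "22", "", "2600:2400", "0", "70000", ":"):
        print(repr(s), "->", parse_port_spec(s) if is_valid_port_spec(s) else "invalid")
```

Note that an empty field widens the rule (every port matches), so a reviewer comparing rules should treat a blank port field as ANY rather than as "no port".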
• Choosing CUSTOM for services and ICMP for protocols:
• ICMP type: Choose the type of the ICMP packet from this selection list. The following options are possible; ANY means all types.