Difference between revisions of "Firewall Rules"

From LinuxMCE
Line 6: Line 6:
 
This page allows you to customize your firewall rules, even disabling the firewall. When first opened you will notice that there are several predefined rules already in place.   
 
This page allows you to customize your firewall rules, even disabling the firewall. When first opened you will notice that there are several predefined rules already in place.   
  
 +
==from 0810 to 10.04==
 
==Options==
 
==Options==
 
[[Image:FirewallOptions.jpg]]
 
[[Image:FirewallOptions.jpg]]
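
Review bot: the added heading "==from 0810 to 10.04==" mixes two version notations ("0810" and "10.04") and starts in lower case, unlike "==Options==" directly below it. Use one notation for both versions, and since "==Options==" stays at the same level as the new heading instead of nesting under it, consider demoting the existing section headings to "===" as the 1204 part of this revision does.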
Line 40: Line 41:
  
 
It looks like you can add the mask to specify ranges: 134.78.0.0/16
 
It looks like you can add the mask to specify ranges: 134.78.0.0/16
 +
 +
==from 1204==
 +
 +
===Select Firewall===
 +
select the firewall version (ipv4/ipv6).
 +
 +
===Advanced Firewall Settings===
 +
if selected you see the rules defined on all default or manual defined chains.
 +
 +
===Show all unprocessed rules===
 +
show all rules even if they are not set to the firewall.
 +
 +
===Block TOP20 known attackers===
 +
Greps a list every hour and set those on the chain Blocklist,
 +
a list with the TOP 20 known attackers are blocked to the system.
 +
 +
===Options===
 +
[[Image:[[File:FirewallOptionsNew.jpg]]
 +
 +
===Input Interface===
 +
optioneel.
 +
setting if you chose input or forward.
 +
 +
===Output Interface===
 +
optioneel.
 +
setting if you choose output or forward
 +
 +
===Rule matching===
 +
optioneel
 +
 +
===Protocol===
 +
Here is where you can choose the protocol involved with this rule, or define any protocol by choosing 'IP':
 +
* [http://en.wikipedia.org/wiki/Transmission_Control_Protocol TCP]
 +
* [http://en.wikipedia.org/wiki/User_Datagram_Protocol UDP]
 +
* [http://en.wikipedia.org/wiki/Transmission_Control_Protocol TCP] & [http://en.wikipedia.org/wiki/User_Datagram_Protocol UDP]
 +
* [http://en.wikipedia.org/wiki/List_of_IP_protocol_numbers IP]
 +
 +
===IP version===
 +
Here you can choose if you want the rule to be active for IPv4, IPv6.
 +
 +
===Source Ports===
 +
Choose the Ports to be used in the rule. If you chose 'IP' in the Protocol section then you can define your IP protocol (NOT PORT !!!) number here.
 +
 +
===Destination Port===
 +
Destination port on the core.
 +
If you chose Port Forward (NAT) then you set 80:80 before the : you set the destination port on the core and after the : you set the port to de destination system
 +
 +
===Destination IP===
 +
IP Address of the computer being forwarded to.
 +
 +
===Rule Type===
 +
There are four types of rules available by default:
 +
* Input
 +
* forward
 +
* Port Forward (NAT)
 +
* output
 +
 +
if you add chains then they are listed here too.
 +
 +
the second option is with NAT to set wich type,
 +
for Portforward you need prerouting option.
 +
'''ToDo'''
 +
on not Advanced Firewall settings mode set it automaticly to make it easyer.
 +
 +
===Limit IP===
 +
You can limit rules to specific IP addresses.
 +
you can add the mask to specify ranges: 134.78.0.0/16
 +
 +
===Description===
 +
optioneel
 +
Administrative setting for you as user/network maintainer to see why this rule exists.
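
Review bot: the added line "[[Image:[[File:FirewallOptionsNew.jpg]]" under "===Options===" opens two links and closes one, so the screenshot will not render; it should be a single "[[File:FirewallOptionsNew.jpg]]". In the same hunk, "optioneel" (Dutch) appears under Input Interface, Output Interface, Rule matching and Description and should read "optional". The "Block TOP20 known attackers" text does not say where the hourly list comes from, which a reader needs to know before enabling it. The "Destination Port" sentence explaining "80:80" needs punctuation to separate the example from the explanation of each side of the colon.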

Revision as of 13:55, 19 July 2014

Version  Status    Date Updated  Updated By
710      Unknown   N/A           N/A
810      relevant  21 Aug 2011   Foxi352
1004     relevant  21 Aug 2011   Foxi352
1204     Unknown   N/A           N/A
1404     Unknown   N/A           N/A
Usage Information
Firewall Rules Admin Page

This page allows you to customize your firewall rules, even disabling the firewall. When first opened you will notice that there are several predefined rules already in place.

from 0810 to 10.04

Options

FirewallOptions.jpg

Protocol

Here is where you can choose the protocol involved with this rule, or define any protocol by choosing 'IP':

IP version

Here you can choose if you want the rule to be active for IPv4, IPv6 or both.

Source Ports

Choose the ports to be used in the rule. If you chose 'IP' in the Protocol section, you can define your IP protocol number (not a port number) here.

Destination Port

Port to forward requests to.

This option is only available if Port Forwarding is selected in the Rule Type.

Destination IP

IP Address of the computer being forwarded to.

This option is only available if Port Forwarding is selected in the Rule Type.

Rule Type

There are two types of rules available:

  • Core Input
  • Port Forward

Limit IP

You can limit rules to specific IP addresses.

It looks like you can add the mask to specify ranges: 134.78.0.0/16

from 1204

Select Firewall

Select the firewall version (IPv4/IPv6).

Advanced Firewall Settings

If selected, you see the rules defined on all default or manually defined chains.

Show all unprocessed rules

Shows all rules, even if they are not set on the firewall.

Block TOP20 known attackers

Retrieves a list every hour and places its entries on the chain Blocklist, so that the TOP 20 known attackers on the list are blocked from the system.

Options

FirewallOptionsNew.jpg

Input Interface

Optional. Set this if you chose input or forward.

Output Interface

Optional. Set this if you chose output or forward.

Rule matching

Optional.

Protocol

Here is where you can choose the protocol involved with this rule, or define any protocol by choosing 'IP':

  • TCP
  • UDP
  • TCP & UDP
  • IP

IP version

Here you can choose if you want the rule to be active for IPv4 or IPv6.

Source Ports

Choose the ports to be used in the rule. If you chose 'IP' in the Protocol section, you can define your IP protocol number (not a port number) here.

Destination Port

Destination port on the core. If you chose Port Forward (NAT), you enter a pair such as 80:80: before the colon you set the destination port on the core, and after the colon you set the port on the destination system.

Destination IP

IP Address of the computer being forwarded to.

Rule Type

There are four types of rules available by default:

  • Input
  • forward
  • Port Forward (NAT)
  • output

If you add chains, they are listed here too.

The second option is used with NAT to set which type; for Port Forward you need the prerouting option. ToDo: when not in Advanced Firewall Settings mode, set it automatically to make it easier.

Limit IP

You can limit rules to specific IP addresses. You can add the mask to specify ranges: 134.78.0.0/16
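
The fields described above (Rule Type, Protocol, Destination Port, Destination IP, Limit IP) can be checked and written out as packet-filter rules. The following is an added example, not LinuxMCE's own code: it assumes the rules end up as iptables/ip6tables commands, and the function name, rule-type keys and the host 192.168.80.10 are made up for illustration.

```python
import ipaddress

# Rule types as named on the page; the chain names they map to are an assumption.
CHAINS = {"input": "INPUT", "forward": "FORWARD", "output": "OUTPUT"}

def build_rules(rule_type, protocol, dest_port=None, limit_ip=None,
                dest_ip=None, ip_version=4):
    """Render one admin-page rule as iptables command lines (hypothetical mapping)."""
    tool = "iptables" if ip_version == 4 else "ip6tables"
    src = []
    if limit_ip:
        # strict=True rejects a range with host bits set, e.g. 134.78.1.5/16
        net = ipaddress.ip_network(limit_ip, strict=True)
        if net.version != ip_version:
            raise ValueError("Limit IP does not match the selected IP version")
        src = ["-s", str(net)]
    rules = []
    for proto in (["tcp", "udp"] if protocol == "tcp-udp" else [protocol]):
        inner = ""
        if proto in ("tcp", "udp"):
            # "80:80" = port on the core, then port on the destination system
            core, _, inner = str(dest_port).partition(":")
            for port in [core] + ([inner] if inner else []):
                if not (port.isdigit() and 1 <= int(port) <= 65535):
                    raise ValueError(f"bad port: {port!r}")
            match = ["-p", proto, "--dport", core]
        elif proto.isdigit() and 0 <= int(proto) <= 255:
            # Protocol 'IP': the value is an IP protocol number, not a port
            match = ["-p", proto]
        else:
            raise ValueError(f"bad protocol: {proto!r}")
        if rule_type == "port_forward":
            addr = ipaddress.ip_address(dest_ip)
            target = str(addr)
            if inner:  # IPv6 literals need brackets before the port
                target = f"[{addr}]:{inner}" if addr.version == 6 else f"{addr}:{inner}"
            cmd = [tool, "-t", "nat", "-A", "PREROUTING", *src, *match,
                   "-j", "DNAT", "--to-destination", target]
        else:
            cmd = [tool, "-A", CHAINS[rule_type], *src, *match, "-j", "ACCEPT"]
        rules.append(" ".join(cmd))
    return rules

# Constructed sample: forward port 80 on the core to a made-up internal host.
print(build_rules("port_forward", "tcp", "80:80", "134.78.0.0/16", "192.168.80.10"))
```

Rendering the rule as text before applying it makes it easy to confirm that a port forward is restricted by Limit IP; without that field the forwarded port is reachable from any source address.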

Description

Optional. Administrative setting for you as user/network maintainer to see why this rule exists.