3.6.4. Multiple IP Rule Sets
Overview
NetDefendOS allows the administrator to define multiple IP rule sets, which can both simplify the definition of security policies and provide greater flexibility. The default IP rule set is known as main and is always present in NetDefendOS. Additional rule sets can be defined as needed and are given a name by the administrator.
Multiple IP rule sets offer advantages which include the following:
• The administrator can break a single large IP rule set into multiple, smaller and more manageable rule sets, which can make the configuration easier to understand.
• A single named IP rule set can be associated with a routing table. This makes implementing Virtual Routing much simpler, since each router can have a dedicated IP rule set associated with it. See Section 4.5, “Virtual Routing” for more information about this topic.
• IP rule lookup speed can be increased for very large rule sets. This is done by breaking down a large rule set into several smaller ones. A Goto rule can then be used to jump to a new rule set for a given type of traffic, and a Return rule can be used to jump back to the original rule set if no other entry in that rule set triggers.
Once a new IP rule set is created, IP rules and/or policies can be added to it in the normal way.
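The following is an added example, not NetDefendOS code, that models the lookup order described above: rules in a set are tried in order, a Goto rule hands the lookup to a named rule set for the traffic that matches it, and a Return rule hands it back. The packet fields, rule names and the rule sets (main and dmz_rules) are constructed for illustration. Two points are assumptions not stated on this page: after a Return, evaluation resumes with the rule that follows the Goto, and a packet that exhausts main without matching anything is dropped (default deny). The trace returned by lookup() shows which rules were consulted, which is useful when verifying that traffic really falls back to the intended catch-all rule.

```python
"""Toy model of IP rule set lookup with Goto and Return rules (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_iface: str
    dst_iface: str
    dst_port: int


@dataclass
class Rule:
    name: str
    action: str                      # "Allow", "Drop", "Goto" or "Return"
    src_iface: Optional[str] = None  # None matches any interface
    dst_iface: Optional[str] = None
    dst_port: Optional[int] = None
    target: Optional[str] = None     # rule set name, used by Goto only

    def matches(self, pkt: Packet) -> bool:
        return ((self.src_iface is None or self.src_iface == pkt.src_iface)
                and (self.dst_iface is None or self.dst_iface == pkt.dst_iface)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


class RuleSetTable:
    def __init__(self, sets: Dict[str, List[Rule]]):
        self.sets = sets

    def lookup(self, pkt: Packet, max_jumps: int = 32) -> Tuple[str, List[str]]:
        """Return (verdict, trace); trace lists matched rules as 'set/rule'."""
        trace: List[str] = []
        # Call stack of (set name, index to resume at) so Return continues
        # after the Goto that was taken (assumption, see lead-in).
        stack: List[Tuple[str, int]] = []
        current, idx, jumps = "main", 0, 0
        while True:
            rules = self.sets[current]
            if idx >= len(rules):
                if not stack:
                    return "Drop", trace        # assumed default deny in main
                current, idx = stack.pop()      # exhausted named set acts as Return
                continue
            rule = rules[idx]
            if not rule.matches(pkt):
                idx += 1
                continue
            trace.append(f"{current}/{rule.name}")
            if rule.action == "Return":
                if not stack:
                    return "Drop", trace        # nothing to return to
                current, idx = stack.pop()
            elif rule.action == "Goto":
                jumps += 1
                if jumps > max_jumps or rule.target not in self.sets:
                    return "Drop", trace        # guard against loops / bad targets
                stack.append((current, idx + 1))
                current, idx = rule.target, 0
            else:
                return rule.action, trace


def build_example_table() -> RuleSetTable:
    """Constructed sample policy: DMZ traffic is handled in dmz_rules."""
    return RuleSetTable({
        "main": [
            Rule("to_dmz", "Goto", dst_iface="dmz", target="dmz_rules"),
            Rule("lan_to_wan", "Allow", src_iface="lan", dst_iface="wan"),
            Rule("drop_all", "Drop"),
        ],
        "dmz_rules": [
            Rule("dmz_http", "Allow", dst_iface="dmz", dst_port=80),
            Rule("dmz_https", "Allow", dst_iface="dmz", dst_port=443),
            Rule("back_to_main", "Return"),    # catch-all: nothing matched here
        ],
    })


def evaluate(pkt: Packet) -> Tuple[str, List[str]]:
    return build_example_table().lookup(pkt)


if __name__ == "__main__":
    for p in (Packet("wan", "dmz", 80), Packet("wan", "dmz", 22), Packet("lan", "wan", 443)):
        print(p, "->", evaluate(p))
```

Running the block shows that SSH to the DMZ (port 22) matches nothing in dmz_rules, takes the Return, and is then caught by drop_all in main rather than being silently accepted; a missing Return or catch-all would change that verdict, which is exactly the kind of gap to check when splitting a large rule set.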
Example 3.31. Creating an IP Rule Set
In this example, a new IP Rule Set will be created and given the name dmz_rules. This rule set will be used in later examples and will contain all IP rules related to the DMZ.
Command-Line Interface
gw-world:/> add IPRuleSet dmz_rules
Web Interface
1. Go to: Policies > Firewalling > Additional IP Rule Sets > Add > IP Rule Set
2. Now enter:
• Name: dmz_rules
3. Select OK
Goto Rules and Return Rules
NetDefendOS provides the following two types of special rules for jumping to, and back from, different IP rule sets:
• Goto Rules
Chapter 3: Fundamentals
235