Select Firewall Rules in the Advanced mode menu to create a firewall rule that uses
the service you have defined.
a)
b) Select the profile where you want to add a new rule and click Add new rule to create a
new rule.
c) Select Accept or Deny as a rule Type to choose whether the rule allows or denies the
service.
d) Enter details about target addresses to the Remote host field. Enter the IP address and
the subnet in bit net mask format.
For example: 192.168.88.0/29
You can use the following aliases as the target address:
• [myNetwork] - The local-area network with the same subnet on all interfaces.
• [myDNS] - All configured DNS servers.
e) Enter a descriptive comment in the Description field to distinguish this rule.
f) Select the new service you have created in the Service field and the direction when the
rule applies.
• in = all incoming traffic that comes to your computer from the Internet.
• out = all outgoing traffic that originates from your computer.
g) Choose network interfaces to which the rule applies. Type network interfaces you want
the rule to apply to the Flag field. The rule is applied to all network interfaces if you leave
the Flag field empty.
For example, [if:eth0], [if:eth3].
h) Click Add Service to This Rule.
The service is added to the new rule.
i) If you do not want to add other services to the same rule, click Add to Firewall Rules.
Each rule must have at least one service. If the rule contains a new service, make sure
you have saved the service list in the Network Services page.
The rule is added to the active set of rules on the Firewall Rules table.
j) Click Save to save the new rule list.
How Does the Priority Order of Firewall Rules Work?
Firewall rules have a priority order that determines the order in which the rules are applied to
network traffic.
Firewall rules are shown as a list on the Rules page. The rules are applied from top to bottom,
and the first rule that matches the traffic overrides all the other rules below. The main principle
is to allow only the needed traffic and block the rest. Therefore, the last rule of a security level
is the Deny rest rule. It blocks all the traffic that the rules above it do not specifically allow.
F-Secure Linux Security | Using the Product | 55
To Next Page
Loading...
Need help?
General
