
Outgoing Firewall Administrative Web Page

This subsection allows you to configure the Outgoing Firewall settings for Endian Firewall.

The outgoing firewall has two modes:

  • Globally ALLOW outgoing traffic to RED (Internet), or

  • Globally DENY outgoing traffic to RED and explicitly configure outgoing rules, down to a single port.

The following services are allowed by default from GREEN zone:

  • HTTP

  • HTTPS

  • FTP

  • SMTP

  • POP3

  • IMAP

  • DNS

DNS is also allowed by default for all other zones.

Figure 6.10. Adds a new outgoing rule


To add a rule, open the Add a new rule dialogue. Its fields are described below:

Remark

You may add a remark, which helps you identify the rule more easily in the Current rules list.

Enabled

Tick this box to enable the rule. Untick it to disable the rule temporarily without deleting it.

Protocol

The drop-down list lets you choose which protocol this rule matches. Possible values are UDP and TCP. Most regular servers use TCP; some game servers and chat servers use UDP. If the protocol is not specified in the server documentation, it is usually TCP. A service that uses both, such as DNS (UDP and TCP port 53), needs one rule per protocol.

Policy

Select the policy for this rule. Possible values are:

  • ALLOW - Allows the traffic which matches the rule.

  • DENY - Silently blocks the traffic which matches the rule: packets are dropped and the client gets no reply, so connection attempts time out rather than fail immediately. Dropped connections are logged by default; you can turn that off in the Log main menu.

Source Net

This drop-down list lets you choose a whole zone as the source net. Every zone the firewall knows is listed except RED, which by design of the outgoing firewall is always the destination zone. If you want to define the rule more precisely and match only a single IP address or network, select use source IP address.

Source IP address

This is optional if you chose a zone above. Specify an IP address, for example 10.1.1.3, or a network like 10.1.1.0/24, which you want to allow or disallow to access RED.

Log packets which satisfy this rule

Tick this on if you want the firewall to log all connection attempts which match the rule. This is convenient for testing, and on a DENY rule it shows you which hosts are trying to reach blocked services. Note that logging connection data may be illegal in some countries.

MAC address

This is optional. You may fill in the MAC address of a network card which is allowed or disallowed to pass. To match on the MAC address alone, without an IP address, select a zone in Source net and leave the Source IP address field blank. Keep in mind that the firewall only sees the MAC address of hosts on a directly attached segment (traffic routed through another device carries that device's MAC address), and that a host can change its MAC address at will; treat it as a convenience filter, not as authentication of the client.

Destination IP address

This is optional. If you want to limit or deny access to a specific remote address, fill in an IP address like 68.163.90.13 or a network like 68.163.75.0/24.

Destination port

This is probably the most important field for you, but it is nevertheless optional. Fill in a destination port if you want this rule to be limited to a remote service. For example, you can create a rule which allows access to all HTTP (web) servers by selecting TCP as the protocol, specifying port 80 and leaving the other fields empty.

Once you have entered all the information, press Add. The rule is moved to the next section and listed as an active rule.
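The form fields above map almost one-to-one onto an iptables rule, which is what Endian Firewall drives underneath. The following Python is an added example, not Endian's own code: it renders a rule built from the fields described above into iptables commands and assembles the whole outgoing chain in either mode (globally allowed, or default-denied with the services listed at the top of this page allowed from GREEN and DNS from the other zones). The chain name OUTGOINGFW, the zone-to-interface mapping, the log prefixes and the ordering of custom rules ahead of the defaults are assumptions; Endian's generated rules and chain names differ.

```python
"""Render outgoing-firewall rules (the form fields above) into iptables
commands.  Added example, not Endian's code: chain name, interface map,
log prefixes and rule ordering are assumptions."""
import re
from dataclasses import dataclass, replace
from typing import List, Optional

CHAIN = "OUTGOINGFW"                                           # assumed chain name
ZONE_IFACE = {"GREEN": "br0", "BLUE": "br1", "ORANGE": "br2"}  # assumed zone -> interface
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

# Services the page lists as allowed by default from GREEN.  DNS needs two
# entries because a rule carries one protocol and DNS uses both udp and tcp 53.
DEFAULT_GREEN_SERVICES = [
    ("HTTP", "tcp", 80), ("HTTPS", "tcp", 443), ("FTP", "tcp", 21),
    ("SMTP", "tcp", 25), ("POP3", "tcp", 110), ("IMAP", "tcp", 143),
    ("DNS", "udp", 53), ("DNS", "tcp", 53),
]


@dataclass
class OutgoingRule:
    policy: str                        # "ALLOW" or "DENY"
    protocol: str                      # "tcp" or "udp"
    source_zone: Optional[str] = None  # zone picked in Source Net
    source_ip: Optional[str] = None    # host (10.1.1.3) or network (10.1.1.0/24)
    mac: Optional[str] = None          # optional source MAC address
    dest_ip: Optional[str] = None      # optional remote host or network
    dest_port: Optional[int] = None    # optional remote port
    log: bool = False                  # "Log packets which satisfy this rule"
    enabled: bool = True
    remark: str = ""


def _validate(r: OutgoingRule) -> None:
    if r.policy not in ("ALLOW", "DENY"):
        raise ValueError(f"policy must be ALLOW or DENY, got {r.policy!r}")
    if r.protocol not in ("tcp", "udp"):
        raise ValueError(f"protocol must be tcp or udp, got {r.protocol!r}")
    if r.source_zone is None and r.source_ip is None:
        # The form needs a zone or "use source IP address"; a MAC alone is not enough.
        raise ValueError("a source zone or source IP address is required")
    if r.source_zone is not None and r.source_zone not in ZONE_IFACE:
        raise ValueError(f"unknown zone {r.source_zone!r} (RED cannot be a source)")
    if r.mac is not None and not MAC_RE.match(r.mac):
        raise ValueError(f"malformed MAC address {r.mac!r}")
    if r.dest_port is not None and not 1 <= r.dest_port <= 65535:
        raise ValueError(f"destination port out of range: {r.dest_port}")


def _match(r: OutgoingRule) -> str:
    """Match part shared by the LOG rule and the verdict rule."""
    parts = ["-p", r.protocol]
    if r.source_zone is not None:
        parts += ["-i", ZONE_IFACE[r.source_zone]]     # traffic enters on the zone's interface
    if r.source_ip is not None:
        parts += ["-s", r.source_ip]
    if r.mac is not None:
        parts += ["-m", "mac", "--mac-source", r.mac.lower()]
    if r.dest_ip is not None:
        parts += ["-d", r.dest_ip]
    if r.dest_port is not None:
        parts += ["--dport", str(r.dest_port)]
    if r.remark:
        parts += ["-m", "comment", "--comment", '"%s"' % r.remark.replace('"', "")]
    return " ".join(parts)


def render(r: OutgoingRule) -> List[str]:
    """One form rule -> zero (disabled), one, or two (logged) iptables commands."""
    if not r.enabled:
        return []
    _validate(r)
    match = _match(r)
    verdict = "ACCEPT" if r.policy == "ALLOW" else "DROP"   # DENY drops silently, no REJECT
    cmds = []
    if r.log:   # separate LOG rule with the same match, in front of the verdict
        cmds.append(f'iptables -A {CHAIN} {match} -j LOG --log-prefix "{CHAIN}:{r.policy}:"')
    cmds.append(f"iptables -A {CHAIN} {match} -j {verdict}")
    return cmds


def outgoing_ruleset(firewall_enabled: bool = True, log_accepted: bool = False,
                     log_dropped: bool = True,
                     custom: Optional[List[OutgoingRule]] = None) -> List[str]:
    """Whole chain: global allow, or default deny with the page's default services."""
    if not firewall_enabled:           # "Disable outgoing firewall? yes": everything passes
        return [f"iptables -A {CHAIN} -j ACCEPT"]
    defaults = [OutgoingRule("ALLOW", proto, source_zone="GREEN", dest_port=port,
                             remark=f"default {name}")
                for name, proto, port in DEFAULT_GREEN_SERVICES]
    defaults += [OutgoingRule("ALLOW", proto, source_zone=zone, dest_port=53, remark="default DNS")
                 for zone in ZONE_IFACE if zone != "GREEN" for proto in ("udp", "tcp")]
    cmds: List[str] = []
    # Assumed ordering: custom rules first, so a DENY can override a default ALLOW.
    for r in list(custom or []) + defaults:
        if log_accepted and r.policy == "ALLOW":   # "Log accepted outgoing connections"
            r = replace(r, log=True)
        cmds += render(r)
    if log_dropped:                    # dropped connections are logged by default
        cmds.append(f'iptables -A {CHAIN} -j LOG --log-prefix "{CHAIN}:DROP:"')
    cmds.append(f"iptables -A {CHAIN} -j DROP")
    return cmds
```

Read it as a statement of the semantics rather than as a loader: DENY renders to DROP, not REJECT, so the client sees a timeout rather than a refusal; the Log checkbox becomes an extra LOG rule with the same match in front of the verdict; a MAC match is only accepted together with a source zone or address; and when the firewall is disabled nothing but a blanket ACCEPT is emitted, so none of the individual rules take effect.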

Figure 6.11. Lists all current outgoing rules


Current rules lists the rules that are in effect. To remove one, click the Trash can icon. To edit one, click the Yellow pencil icon. To enable or disable a rule, click the Enabled icon (the checkbox in the Action column) of the entry. The icon changes to an empty box when a rule is disabled; click the checkbox again to re-enable it.

On top of the table is a checkbox labeled Log accepted outgoing connections. Tick it if you want the firewall to log all connections which were established, or attempted, and passed the firewall without being blocked. Note that enabling this may not be legal in some countries, while in others it is compulsory.

Globally ALLOW outgoing traffic to RED

You can globally allow outgoing traffic from all zones to the Internet by answering yes to the question Disable outgoing firewall? in the drop-down menu below and clicking Save. With the outgoing firewall disabled, every outgoing connection is allowed and the rules in Current rules are not applied.

Figure 6.12. Globally allow outgoing traffic


You can return to the default setting, which limits access to RED, by answering yes to the question Enable outgoing firewall? in the drop-down menu below and clicking Save. The default-allowed services listed above and the rules in Current rules then apply again.

Figure 6.13. Globally deny outgoing traffic


Below the drop-down is the same checkbox, Log accepted outgoing connections, as on top of the Current rules table. Tick it if you want the firewall to log all connections which were established, or attempted, and passed the firewall without being blocked; the legal note above applies here as well.