Packet Filter

From UntangleWiki

About Packet Filter

Packet Filter is the Linux firewall known as IP tables/Netfilter. The Untangle Server also provides a Firewall, but each meets a different set of needs.

Use Packet Filter instead of Firewall only if:

  • You are used to using IP tables. Firewall is much easier to configure, so only use IP tables if you're already familiar with this product.
  • You need to use Advanced mode. Packet Filter is only available in Advanced mode. Basic mode offers a lot of networking features without exposing you to the complexities of networking. If you don't need packet filter rules, etc., you're better off using Basic mode with Firewall.
  • You intend to apply the same firewall settings for all users. Unlike IP tables, Firewall can apply security settings for different users. IP tables applies settings globally, for all users. Firewall also works at a different network layer: it works at the application layer, whereas Packet Filter works at the transport layer (UDP/TCP/IP) or networking layer, before traffic ever reaches the Untangle Server racks.

Adding Packet Filter Rules

Untangle Server provides a default list of system packet filter rules for IP tables/Netfilter:

  • Enabled. These rules are enabled by default, and represent those rules that are enabled by default when the Untangle Server's router is in basic mode.
  • Disabled. These rules are useful in advanced configurations, though not needed by default.

If the system packet filter rule that you need does not exist in the default list, you can add a custom packet filter rule (called a user packet filter rule). Untangle is curious about the rules that users add to the Untangle Server, so contact Untangle Technical Support to let us know when you add custom rules so that Untangle can determine if those rules need to be added to the default list, to make life easier for all users. Thank you!

To add a custom packet filter rule:

  1. From the Navigation pane, choose Config > Networking.
  2. From the Advanced drop-down menu, select Packet Filter.
  3. In the User Packet Filter Rules table, click the add button. An Edit window appears. The rule is enabled (On) by default.
  4. Provide an optional description for the rule. Follow the convention for the list of default rules.
  5. Specify the packet filter instructions. If you have specific questions, refer to the IP tables man page.
    1. Select a target (action):
      Pass: This action permits a packet to traverse the firewall just as if the firewall weren't present.
      Reject: This action has the same result as Drop, except that the sender is sent an ICMP "port unreachable" error message.
      Drop: This action prohibits a packet from passing, and does not send a response to the sender.
    2. Select the type:
      Source Address: The IP address of the host that sent the traffic.
      Destined Local: Any external interface or external IP address on the Untangle Server. You don't need to specify a value because "any" is the value by default.
      Destination Address: The IP address of the host that will receive the traffic.
      Source Port: The port on the Untangle Server that first receives the traffic.
      Source Interface: The network interface on the Untangle Server that first receives the traffic.
      Protocol: The transport or network protocol that the traffic uses.
  6. Click Update. The new rule appears as a row in the table.
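
The target and type chosen in step 5 correspond to the target and match options of an ordinary IP tables rule. The shell function below is an added example, not Untangle's code or part of the original page: it prints the iptables command that one rule row would correspond to, and refuses a source port given without a TCP or UDP protocol. The mapping of each type to a flag, the chain choice and the lowercase argument names are assumptions.

```shell
# Build the iptables command for one Packet Filter row, without running it.
# Assumptions (not Untangle's code): the field-to-flag mapping, the chain
# choice, and the lowercase field names used as arguments.
# usage: pf_rule TARGET [TYPE=VALUE ...]
pf_rule() {
    target=$1; shift
    chain=FORWARD            # assumed: traffic routed through the server
    match="" proto="" sport=""
    for cond in "$@"; do
        kind=${cond%%=*}; value=${cond#*=}
        case $kind in
            source-address)      match="$match -s $value" ;;
            destination-address) match="$match -d $value" ;;
            source-interface)    match="$match -i $value" ;;
            protocol)            proto=$value ;;
            source-port)         sport=$value ;;
            destined-local)      chain=INPUT   # traffic addressed to the server itself
                                 match="$match -m addrtype --dst-type LOCAL" ;;
            *) echo "unknown type: $kind" >&2; return 2 ;;
        esac
    done
    # iptables rejects --sport unless the rule also says -p tcp or -p udp.
    if [ -n "$sport" ]; then
        case $proto in
            tcp|udp) ;;
            *) echo "source-port needs protocol tcp or udp" >&2; return 2 ;;
        esac
    fi
    if [ -n "$proto" ]; then match="$match -p $proto"; fi
    if [ -n "$sport" ]; then match="$match --sport $sport"; fi
    case $target in
        pass)   action="ACCEPT" ;;
        # Reject answers the sender; Drop stays silent.
        reject) action="REJECT --reject-with icmp-port-unreachable" ;;
        drop)   action="DROP" ;;
        *) echo "unknown target: $target" >&2; return 2 ;;
    esac
    echo "iptables -A $chain$match -j $action"
}

# Constructed sample rows (192.0.2.0/24 is a documentation range).
pf_rule drop source-address=192.0.2.10 protocol=tcp source-port=4444
pf_rule reject destined-local protocol=udp
```

The function only prints commands; compare its output with the IP tables man page before applying a rule by hand.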