Packet Filter
From UntangleWiki
About Packet Filter
Packet Filter configures the Linux firewall, iptables/Netfilter. The Untangle Server also provides a Firewall, but each meets a different set of needs.
Use Packet Filter instead of Firewall only if:
- You wish to filter what is available on the Untangle Server itself. For example, you wish to block certain services running on the server (administration, SSH, etc.).
- You need advanced use-cases that may not be supported in Firewall
Adding Packet Filter Rules
The Untangle Server provides a default list of system packet filter rules for iptables/Netfilter:
- Enabled. These rules are enabled by default, and represent the rules that are enabled when the Untangle Server's router is in basic mode.
- Disabled. These rules are useful in advanced configurations, though not needed by default.
If the system packet filter rule that you need does not exist in the default list, you can add a custom packet filter rule (called a user packet filter rule). Untangle is curious about the rules that users add to the Untangle Server, so contact Untangle Technical Support to let us know when you add custom rules, so that Untangle can determine whether those rules should be added to the default list, making life easier for all users. Thank you!
To add a custom packet filter rule:
- From the Navigation pane, choose Config > Networking.
- From the Advanced drop-down menu, select Packet Filter.
- In the User Packet Filter Rules table, click the add button. An Edit window appears. The rule is enabled (On) by default.
- Provide an optional description for the rule. Follow the convention used in the list of default rules.
- Specify the packet filter instructions. If you have specific questions, refer to the iptables man page.
- Select a target (action):
  - Pass: This action permits a packet to traverse the firewall just as if the firewall weren't present.
  - Reject: This action has the same result as Drop, except that the sender is sent an ICMP "port unreachable" error message.
  - Drop: This action prohibits a packet from passing, and does not send a response to the sender.
- Select the type:
  - Source Address: Matches the IP address of the host that sent the traffic.
  - Destination Address: Matches the destination IP address of the session.
  - Destination Port: Matches the destination port (server port).
  - Destined Local: Matches traffic destined to any of the Untangle Server's IPs or aliases.
  - Protocol: Matches the transport or network protocol that the traffic uses.
  - Source Interface: Matches the network interface on the Untangle Server that first receives the traffic.
  - Source Address: Matches the IP address of the host that created the session (client).
  - Source MAC Address: Matches the MAC address of the client NIC that sends the traffic (N.B. dash notation, not case sensitive, e.g. 00-3e-22-0b-9f-f7 and 00-3E-22-0B-9F-F7 are both valid).
  - Source Port: Matches the source port (client port). Note: This is normally a random number chosen by the client. Do not use unless you know what you are doing.
- Click Update. The new rule appears as a row in the table.
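As an added example (not from the Untangle wiki or the product's own code), the shell function below translates one user packet filter rule, expressed with the match types and targets listed above, into the equivalent iptables command, including the dash-to-colon conversion that iptables needs for the MAC match. It assumes that Destined Local rules belong in the INPUT chain (traffic for the server itself) and all other rules in FORWARD, and that the rule's fields are passed as key=value arguments.

```shell
#!/bin/sh
# build_rule TARGET [type=value ...]  -> prints the iptables command for the rule.
# Assumption: "Destined Local" selects the INPUT chain; other rules go to FORWARD.
build_rule() {
  target=$1; shift
  chain=FORWARD; proto=''; dport=''; sport=''; matches=''
  for kv in "$@"; do
    key=${kv%%=*}; val=${kv#*=}
    case $key in
      destined_local) [ "$val" = true ] && chain=INPUT ;;
      source_address) matches="$matches -s $val" ;;
      destination_address) matches="$matches -d $val" ;;
      source_interface) matches="$matches -i $val" ;;
      protocol) proto=$val ;;
      destination_port) dport=$val ;;
      source_port) sport=$val ;;
      source_mac)
        # The UI accepts dash notation in any case; iptables wants 00:3e:22:0b:9f:f7.
        mac=$(printf '%s' "$val" | sed 's/-/:/g' | tr 'A-F' 'a-f')
        matches="$matches -m mac --mac-source $mac" ;;
      *) echo "unknown match type: $key" >&2; return 1 ;;
    esac
  done
  # iptables only accepts --dport/--sport together with a transport protocol.
  if [ -n "$dport$sport" ] && [ -z "$proto" ]; then
    echo "port match requires protocol=tcp or protocol=udp" >&2; return 1
  fi
  [ -n "$proto" ] && matches="$matches -p $proto"
  [ -n "$dport" ] && matches="$matches --dport $dport"
  [ -n "$sport" ] && matches="$matches --sport $sport"
  case $target in
    pass)   action='-j ACCEPT' ;;
    drop)   action='-j DROP' ;;
    # Reject answers the sender with ICMP port unreachable, as the page describes.
    reject) action='-j REJECT --reject-with icmp-port-unreachable' ;;
    *) echo "unknown target: $target" >&2; return 1 ;;
  esac
  printf 'iptables -A %s%s %s\n' "$chain" "$matches" "$action"
}

# Example: block SSH to the server itself on the interface eth0 (constructed values).
build_rule drop destined_local=true protocol=tcp destination_port=22 source_interface=eth0
```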
More detail on packet filter rules can be found in this thread:

