Access Rules: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
m (Dmorris moved page Filter Rules to Access Rules)
No edit summary
Line 1: Line 1:
<span style="display:none" class="helpSource network_filter_rules">Filter_Rules</span>
<span style="display:none" class="helpSource network_filter_rules">Access_Rules</span>
<span style="display:none" class="helpSource network_advanced_access_rules">Access_Rules</span>
<span style="display:none" class="helpSource network_advanced_access_rules">Access_Rules</span>


= Filter Rules =
== Access Rules ==


Filter rules are kernel-level iptables "filter" rules. There are two sections: ''Forward Filter Rules'' and ''Input Filter Rules''.
Access Filter rules apply to sessions destined to the Untangle server's local processes and '''only''' sessions destined to the Untangle server's local processes. These rules have no effect on sessions passing '''THROUGH''' Untangle and are only used to limit and secure access to local services on the Untangle server.  
 
[[Image:112_filter_rules.png|600px|center|Filter Rules]]
 
 
== Forward Filter Rules ==
 
Forward Filter rules apply to sessions transiting '''THROUGH''' the Untangle server. By default this ruleset is blank. Forward Filter Rules are useful for blocking traffic going through the Untangle server.
 
[[Image:Network_filter_rules_example.png|thumb|center|A forward filter rule]]
 
* Enable Forward Filter Rule
** If checked, the rule is enabled. If unchecked the rule has no effect and is disabled.
* IPv6
** If checked, the filter rule will also be active with IPv6 addressing.
* Description
** A description of this rule. This is just for documentation.
* Conditions
** The conditions describing which sessions will match. As documented in [[Rules#Condition_List]]
* Action
** ''Block'' or ''Pass''. ''Block'' means the session dropped silently. ''Pass'' means the session will be passed.
 
The rules are evaluated in order on all new sessions going through the Untangle server as described in the [[Rules]] documentation. The action from the first matching rule is taken, if no rule matches the session is passed. All passed sessions are still subject to processing in the Apps.
 
== Why use Forward Filter Rules ==
 
There are also block/pass rules available in the [[Firewall]] app. There are several key differences that determine when its appropriate to use a Forward Filter Rule vs a Firewall Rule.
 
* Forward Filter Rules still apply to bypassed traffic. The Firewall doesn't see bypassed traffic. This means if you want to block anything that's bypassed you should use the Forward Filter Rule.
* Forward Filter Rules apply to all protocols while Firewall only sees TCP and UDP. If you want to block IP protocols other than TCP and UDP, you should use Forward Filter Rules.
* Firewall Rules have more application-layer conditions available like ''Client has exceeded Quota'' and ''HTTP: Client User OS''. If you need the application-layer conditions you should use Firewall.
* Firewall Rules are evaluated in the Firewall app, so it can be used in policies setup in [[Policy Manager]].
 
== Input Filter Rules ==
 
Input Filter rules apply to sessions destined to the Untangle server's local processes and '''only''' sessions destined to the Untangle server's local processes. These rules have no effect on sessions passing '''THROUGH''' Untangle and are only used to limit and secure access to local services on the Untangle server.  


'''WARNING: Improperly configuring input filter rules can compromise the security and proper functioning of your Untangle server.'''
'''WARNING: Improperly configuring input filter rules can compromise the security and proper functioning of your Untangle server.'''

Revision as of 21:39, 1 September 2017

Access Rules

Access Filter rules apply to sessions destined to the Untangle server's local processes and only sessions destined to the Untangle server's local processes. These rules have no effect on sessions passing THROUGH Untangle and are only used to limit and secure access to local services on the Untangle server.

WARNING: Improperly configuring input filter rules can compromise the security and proper functioning of your Untangle server.

WARNING: Disabling rules in the default configuration may interfere with the proper functioning of many features of Untangle.

There are two rules not enabled by default:

  • Allow HTTPS on WANs - enable this rule if you would like HTTPS access externally.
  • Allow SSH - enable this rule if you would like SSH access to Untangle's SSH service.

WARNING: Changing other settings is Input Filter Rules is not recommended.

Input Filter Rules configuration:

  • Enable Input Filter Rule
    • If checked, the rule is enabled. If unchecked the rule has no effect and is disabled.
  • IPv6
    • If checked, the filter rule will also be active with IPv6 addressing.
  • Description
    • A description of this rule. This is just for documentation.
  • Conditions
  • Action
    • Block or Pass. Block means the session dropped silently. Pass means the session will be passed.

The rules are evaluated in order on all new sessions going to the Untangle server as described in the Rules documentation. The action from the first matching rule is taken, if no rule matches the session is passed.