SnapGear 2.0.1 User Manual
Page 80
Firewall
76
Rules
Once addresses and services have been defined, you can create filter rules. Click
Rules. Any rules that have already been defined will be displayed. Click New to add a
new filter rule, or select an existing filter and click Modify.
Note
The first matching rule will determine the action for the network traffic, so the order of the
rules is important. You can use the buttons on the Packet Filtering page to change the
order. The rules are evaluated top to bottom as displayed on the Packet Filtering page.
Adding or modifying a rule is shown in the following figure:
Figure 6-6
The Action specifies what to do if the rule matches.
•
Accept means to allow the traffic.
•
Drop means to disallow the traffic.
•
Reject means to disallow the traffic, but also send an ICMP port unreachable
message to the source IP address.
•
None means to perform no action for this rule. This is useful for a rule that logs
packets, but performs no other action. It can also be used to temporarily disable a
rule.