I would love it if somebody would give some examples of working 2.3 firewall rules, and proxy access policies.
The documentation could use some clearing up. Here are a few things I would love clarified:

Under Firewall Rules, All policies are read starting from rule 1. If a packet matches a rule, the rule is applied (Allowed, Denied, Rejected, etc.) and no further rules are processed for that packet. Thus, I can have a rule specifying that IP 10.0.0.2 can access the ORANGE interface, but then a rule immediately after that that blocks all traffic to ORANGE, blocking all traffic to ORANGE except for 10.0.0.2?

Under Proxy -> Access Policy, the same mechanic is true? I have a policy allowing unfiltered access to my mail server, followed by a policy that filters using the default 'content1' filter. This looks like it works correctly.

Next, I'm not sure why my filtering isn't working like it should: I am in Proxy -> Contentfilter -> content1 -> Custom Blacklists. I put 'twitter.com' in there... but it isn't blocked.

Also, I have the filtering based on Active Directory and NTLM... which does prompt for user names, and the names show up in the logs... but I can connect using a user who is _not_ in the group I'm allowing access via the content1 filter.

Thanks for any information.

--Matt Ross
Ephrata School District

----- Original Message -----
From: jonas kellens [mailto:jonas.kell...@telenet.be]
To: efw-user@lists.sourceforge.net
Sent: Wed, 30 Dec 2009 02:27:30 -0800
Subject: Re: [Efw-user] firewall rules are hard to use

> Pedro,
>
> This is the right configuration for port forwarding to a LAN-client :
>
> Access from : any
> Target : <any Uplink>
> Port :TCP 51413
> Translate to IP 192.168.1.25 port 51413
>
> "Access from : RED" does not work. I don't understand why. Do you ?
> "Target : GREEN" or "Target : 192.168.1.25" does not work. I don't
> understand why I can't use my LAN-client as target, as this is the
> client to where to portforward ?!
>
> Even with a good understanding of IPtables, I don't get this 'access',
> 'target' and 'source'.
>
> Can you maybe post a link to some examples cause I feel that the
> documentation of Endian lacks some explanatory examples.
>
> Jonas.
>
> On Wed, 2009-12-30 at 10:12 +0000, Pedro M. S. Oliveira wrote:
>
> > Hi
> > I disagree with you both about the new EFW firewall interface, I see it
> > much more complete and feature rich than the previous one. This new
> > interface has more advanced options that you may use and it resembles
> > best the iptables capabilities. In my opinion this is the way to go
> > and it will be the difference between a home router and a business
> > system.
> > I'm sure that with a bit of reading about firewalls and the way they
> > work you'll get there.
> > cheers,
> > pedro