5.1 Object
The Objects section allows administrators to define reusable elements that can be utilized in firewall rules, enhancing the efficiency and clarity of configurations. This feature simplifies management by allowing the grouping of related addresses and ports.
- ID: Each object is assigned a unique identifier (ID) that helps distinguish it from other objects within the system. This ID is crucial for management and reference purposes.
- Name: This field requires a descriptive name for the object, making it easier for administrators to identify its purpose. Clear naming conventions help improve organization and understanding of the firewall's configuration.
- Type: This specifies the category of the object, which can include options like:
  - Address: Refers to specific IP addresses or ranges.
  - Ports: Defines specific port numbers or ranges used for various services.
- Value: This field contains the actual data associated with the object, such as an IP address (e.g., 192.168.1.1) for address objects or port numbers (e.g., 80 for HTTP) for port objects. The value defines the specific criteria used in firewall rules.
The "+Add" button allows administrators to create new address or port objects by filling in the required fields. This functionality is essential for customizing firewall rules and ensuring proper traffic management.
- Name: This field requires a descriptive name for the new object, such as test. A clear and meaningful name helps in easily identifying the object within the configuration.
- Type: This dropdown menu allows administrators to select the type of object being created. Options include:
  - Host: A single IP address.
  - IP Range: A range of IP addresses.
  - Network: A defined network address and subnet.
  - FQDN: Fully Qualified Domain Name for resolving domains.
  - TCP Port Number: A specific port used for TCP traffic.
  - UDP Port Number: A specific port used for UDP traffic.
  - ANY Port Number: Indicates any port for traffic rules.
  - TCP Port Range: A range of TCP ports.
  - UDP Port Range: A range of UDP ports.
  - ANY Port Range: Indicates any range of ports.
  - ICMP Port Number: Specifies ICMP types for network diagnostics.
- Value: This field contains the specific data associated with the object. For instance, if creating a host object, the value might be 192.168.100.1. This value defines the criteria that will be used in firewall rules.
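A value that does not fit its object type is the most common way an object silently matches more (or less) traffic than intended, so it is worth validating before the object is referenced by a rule. The following Python validator is an added example, not part of this manual or of the Toorce product; it covers the types in the dropdown above. The value formats it accepts (dash-separated start-end ranges, CIDR notation for Network, a numeric type for ICMP) are assumptions, since the manual does not spell them out.

```python
import ipaddress
import re

# Loose FQDN check: labels of 1-63 chars, no leading/trailing hyphen,
# alphabetic TLD, 253 chars total. Assumption: the product resolves
# FQDN objects, so a bare hostname without a dot is rejected here.
_FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)([a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$", re.IGNORECASE)


def _port(text):
    """Parse one port number, rejecting anything outside 0-65535."""
    if not text.isdigit():
        raise ValueError(f"port is not numeric: {text!r}")
    n = int(text)
    if not 0 <= n <= 65535:
        raise ValueError(f"port out of range: {n}")
    return n


def validate_object(obj_type, value):
    """Return a normalised value for an object of the given type, or raise ValueError.

    Assumed value formats (not stated in the manual):
      Host            "192.168.100.1"
      IP Range        "192.168.100.10-192.168.100.20"
      Network         "192.168.100.0/24"
      FQDN            "mail.example.com"
      * Port Number   "80"
      * Port Range    "1024-2048"
      ICMP            "8"   (ICMP type, 0-255)
    """
    value = value.strip()
    if obj_type == "Host":
        return str(ipaddress.ip_address(value))
    if obj_type == "IP Range":
        lo, sep, hi = value.partition("-")
        if not sep:
            raise ValueError("IP Range needs start-end")
        lo = ipaddress.ip_address(lo.strip())
        hi = ipaddress.ip_address(hi.strip())
        if lo.version != hi.version or lo > hi:
            raise ValueError("IP Range start must not exceed end (same IP version)")
        return f"{lo}-{hi}"
    if obj_type == "Network":
        # strict=True rejects host bits set in the prefix (e.g. 10.0.0.1/24);
        # such a typo would otherwise be rounded down to a whole subnet.
        return str(ipaddress.ip_network(value, strict=True))
    if obj_type == "FQDN":
        name = value.rstrip(".")
        if not _FQDN_RE.match(name):
            raise ValueError(f"not a valid FQDN: {value!r}")
        return name.lower()
    if obj_type in ("TCP Port Number", "UDP Port Number", "ANY Port Number"):
        return _port(value)
    if obj_type in ("TCP Port Range", "UDP Port Range", "ANY Port Range"):
        lo, sep, hi = value.partition("-")
        if not sep:
            raise ValueError("port range needs start-end")
        lo, hi = _port(lo.strip()), _port(hi.strip())
        if lo > hi:
            raise ValueError("port range start must not exceed end")
        return (lo, hi)
    if obj_type == "ICMP Port Number":
        n = _port(value)
        if n > 255:
            raise ValueError("ICMP type must be 0-255")
        return n
    raise ValueError(f"unknown object type: {obj_type!r}")
```

The Network branch is the one to keep an eye on: `192.168.100.1/24` is a typo for either a Host or a /32, and accepting it as `192.168.100.0/24` would widen every rule that references the object.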
5.2 Rules
The Forward Rules section allows administrators to configure and manage rules that determine how traffic is handled as it passes through the Toorce firewall. This is essential for controlling access, enhancing security, and managing network performance.
- #: This column displays the order of the rules in the list. The sequence in which rules are listed can affect how they are applied, as the firewall processes rules from top to bottom.
- ID: Each rule is assigned a unique identifier (ID), allowing for easy reference and management of specific rules within the configuration.
- Name: This field displays the name of the forward rule. A clear and descriptive name helps administrators identify the purpose and function of each rule quickly.
- Action: This specifies the action that will be taken when the rule matches traffic. Common actions include:
  - Allow: Permits the traffic to pass through the firewall.
  - Deny: Blocks the traffic from passing through.
- Status: This column indicates whether the rule is Enabled or Disabled. An enabled status means the rule is active and will be processed by the firewall, while a disabled status means it will be ignored.
- Size: This field shows the size of the rule, which can indicate the complexity or number of conditions set within the rule. Larger rules may require more processing power and could affect performance.
The "+Add" button allows administrators to create new forward rules by filling in the required fields. This functionality is critical for customizing traffic management and security settings.
- Rule Name: This field requires a descriptive name for the forward rule. A clear name helps in easily identifying the rule's purpose within the firewall configuration.
- Interface: Administrators can specify both the Source Interface and Destination Interface by selecting from a dropdown list of available interfaces. This defines where traffic originates and where it is intended to go.
- Address: This section allows for the selection of Source Address and Destination Address from the available address objects. Defining these addresses is crucial for determining the specific traffic that the rule applies to.
- Services: Administrators can select Source Ports and Destination Ports from the available service objects. This helps in specifying which types of traffic (based on port numbers) the rule will affect.
- Geographic Location: This option allows administrators to enable or disable filtering based on geographic location. They can also specify a Destination Country, adding another layer of control over traffic based on its origin or destination.
- Actions: This field defines the action to be taken when the rule matches traffic. Options typically include:
  - Allow: Permit the traffic.
  - Deny: Block the traffic.
  - NAT: Specify whether NAT will be applied to the traffic.
- Filtering Profiles: Administrators can select filtering profiles, such as WebFilter or Application, to apply additional content filtering to the traffic governed by this rule.
- Security Profiles: This section allows for the selection of an IPS (Intrusion Prevention System) profile to provide additional security measures for the traffic that matches this rule.
- Admins: This field allows the specification of the status for administrative actions, where administrators can set the Status to Disable or Enable. This controls whether certain administrative actions are permitted for this rule.
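The two points above that matter most operationally are that the firewall processes the list top to bottom (the "#" column) and that a Disabled rule is skipped. The Python model below is an added example, not code from this manual or from the Toorce product: it represents a forward rule with the "+Add" form's fields (interfaces, address objects, destination ports, action, status), walks a rule list first-match, and shows how a broad Deny placed above a specific Allow shadows it. The interface names, networks and the implicit default of Deny are constructed assumptions; the manual does not state what happens when no rule matches.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Rule:
    """One row of the Forward Rules table, using the '+Add' form's fields."""
    name: str
    action: str                       # "Allow" or "Deny"
    enabled: bool = True              # Status column; disabled rules are skipped
    src_iface: Optional[str] = None   # None means any interface
    dst_iface: Optional[str] = None
    proto: Optional[str] = None       # None means any protocol
    src_nets: List[ipaddress.IPv4Network] = field(default_factory=list)  # empty = any
    dst_nets: List[ipaddress.IPv4Network] = field(default_factory=list)
    dst_ports: List[Tuple[int, int]] = field(default_factory=list)       # (lo, hi); empty = any


def _in_nets(nets, addr):
    return not nets or any(addr in n for n in nets)


def _in_ports(ranges, port):
    return not ranges or any(lo <= port <= hi for lo, hi in ranges)


def matches(rule, pkt):
    """True if an enabled rule matches the packet on every field it constrains."""
    if not rule.enabled:
        return False
    if rule.src_iface and rule.src_iface != pkt["src_iface"]:
        return False
    if rule.dst_iface and rule.dst_iface != pkt["dst_iface"]:
        return False
    if rule.proto and rule.proto != pkt["proto"]:
        return False
    return (_in_nets(rule.src_nets, pkt["src"])
            and _in_nets(rule.dst_nets, pkt["dst"])
            and _in_ports(rule.dst_ports, pkt["dport"]))


def evaluate(rules, pkt, default="Deny"):
    """First match wins, top to bottom. Returns (position, rule name, action).

    Position is the 1-based '#' column. When nothing matches, the assumed
    implicit default applies (Deny here; the manual does not state one).
    """
    for pos, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return pos, rule.name, rule.action
    return None, "<implicit default>", default


# Constructed sample data (not from the manual): eth1 = LAN, eth2 = DMZ.
LAN = ipaddress.ip_network("192.168.100.0/24")
DMZ = ipaddress.ip_network("10.10.0.0/24")
ALLOW_WEB = Rule("lan-to-dmz-web", "Allow", src_iface="eth1", dst_iface="eth2",
                 proto="tcp", src_nets=[LAN], dst_nets=[DMZ],
                 dst_ports=[(80, 80), (443, 443)])
ALLOW_SSH_OFF = Rule("lan-to-dmz-ssh", "Allow", enabled=False, src_iface="eth1",
                     dst_iface="eth2", proto="tcp", src_nets=[LAN], dst_nets=[DMZ],
                     dst_ports=[(22, 22)])
DENY_REST = Rule("lan-to-dmz-deny", "Deny", src_iface="eth1", dst_iface="eth2",
                 src_nets=[LAN], dst_nets=[DMZ])

# Catch-all Deny listed above the specific Allow: the Allow can never fire.
RULES_SHADOWED = [DENY_REST, ALLOW_WEB]
# Specific rules first, catch-all last.
RULES_ORDERED = [ALLOW_WEB, ALLOW_SSH_OFF, DENY_REST]


def _pkt(dport):
    return {"src_iface": "eth1", "dst_iface": "eth2", "proto": "tcp",
            "src": ipaddress.ip_address("192.168.100.50"),
            "dst": ipaddress.ip_address("10.10.0.8"), "dport": dport}


WEB_PKT = _pkt(443)
SSH_PKT = _pkt(22)

if __name__ == "__main__":
    for label, rules in (("shadowed", RULES_SHADOWED), ("ordered", RULES_ORDERED)):
        for pkt in (WEB_PKT, SSH_PKT):
            print(label, pkt["dport"], evaluate(rules, pkt))
```

Running it shows the HTTPS packet denied at position 1 under the shadowed order and allowed at position 1 under the corrected order, while the SSH packet falls through the disabled rule to the Deny at position 3.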
5.3 DNAT
DNAT allows you to redirect incoming traffic from a public IP and port to a specific internal IP and port. This is commonly used for services like web servers, email servers, or any application that needs to be accessible from outside your network.
- General Settings:
  - Source Interface: Specifies the network interface from which the incoming traffic is expected. For example, if the traffic comes from your internal network, you might set this to LAN (e.g., eth1).
  - Protocol: Defines the type of traffic that the rule applies to, such as TCP or UDP. It determines what kind of packets will be affected by the DNAT rule.
- Virtual Address:
  - Start - End: Specifies the external (public) IP addresses used for incoming traffic.
- NATed Address:
  - Start - End: Defines the internal (private) IP addresses to which the traffic will be redirected.
- Virtual Port:
  - Start - End: Indicates the port range on the virtual address for incoming traffic.
- NATed Port:
  - Start - End: Specifies the port range on the NATed address that the incoming traffic will be directed to.
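The four Start - End pairs above define a mapping, and the question a practitioner wants answered before saving the rule is which NATed address and port a given incoming packet will land on, and whether the ranges even line up. The Python class below is an added example (not part of this manual or the Toorce product) that models one DNAT rule with those fields and translates a packet's destination. It assumes two mapping modes, 1:1 by offset when the virtual and NATed ranges are the same size, and many-to-one when the NATed side is a single value, and rejects any other combination as ambiguous; the manual does not state how the product handles unequal ranges. The interface name eth0 and the addresses are constructed.

```python
import ipaddress


def _addr_range(start, end):
    """Turn a 'Start - End' address pair into integer bounds."""
    lo, hi = int(ipaddress.ip_address(start)), int(ipaddress.ip_address(end))
    if lo > hi:
        raise ValueError("address range start must not exceed end")
    return lo, hi


def _port_range(start, end):
    if not (0 <= start <= end <= 65535):
        raise ValueError("port range must satisfy 0 <= start <= end <= 65535")
    return start, end


def _check_sizes(virtual, nated, what):
    """Assumed rule: virtual and NATed ranges are the same size (1:1 by offset)
    or the NATed side is a single value (many-to-one). Anything else is ambiguous."""
    v_lo, v_hi = virtual
    n_lo, n_hi = nated
    if (v_hi - v_lo) != (n_hi - n_lo) and n_lo != n_hi:
        raise ValueError(f"{what}: virtual and NATed ranges differ in size")


class DnatRule:
    def __init__(self, src_iface, protocol, virtual_addr, nated_addr,
                 virtual_port, nated_port):
        # Each *_addr / *_port argument is a (start, end) pair, as in the form.
        self.src_iface = src_iface
        self.protocol = protocol.lower()
        self.v_addr = _addr_range(*virtual_addr)
        self.n_addr = _addr_range(*nated_addr)
        self.v_port = _port_range(*virtual_port)
        self.n_port = _port_range(*nated_port)
        _check_sizes(self.v_addr, self.n_addr, "address")
        _check_sizes(self.v_port, self.n_port, "port")

    @staticmethod
    def _map(value, virtual, nated):
        """Map one value from the virtual range onto the NATed range, or None."""
        lo, hi = virtual
        if not lo <= value <= hi:
            return None
        n_lo, n_hi = nated
        return n_lo if n_lo == n_hi else n_lo + (value - lo)

    def translate(self, iface, protocol, dst_ip, dst_port):
        """Return (NATed IP, NATed port) for a packet, or None when the rule does
        not apply (wrong interface or protocol, or destination outside a range)."""
        if iface != self.src_iface or protocol.lower() != self.protocol:
            return None
        new_ip = self._map(int(ipaddress.ip_address(dst_ip)), self.v_addr, self.n_addr)
        new_port = self._map(dst_port, self.v_port, self.n_port)
        if new_ip is None or new_port is None:
            return None
        return str(ipaddress.ip_address(new_ip)), new_port


# Constructed example: three public addresses arriving on the assumed WAN
# interface eth0, port 443, each forwarded 1:1 to a DMZ host on port 8443.
WEB_FARM = DnatRule("eth0", "TCP",
                    virtual_addr=("203.0.113.10", "203.0.113.12"),
                    nated_addr=("192.168.100.20", "192.168.100.22"),
                    virtual_port=(443, 443), nated_port=(8443, 8443))

if __name__ == "__main__":
    print(WEB_FARM.translate("eth0", "tcp", "203.0.113.11", 443))
```

A packet to the second public address is forwarded to the second internal host; a packet on the wrong interface, protocol or port is left untouched by this rule, which is the behaviour to confirm when a service is unexpectedly reachable or unreachable after a DNAT change.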