ZyAIR
Once the logic of the rule has been defined, it is critical to consider the security ramifications created by the rule:
1Does this rule stop LAN users from accessing critical resources on the Internet? For example, if IRC is blocked, are there users that require this service?
2Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will a rule that blocks just certain users be more effective?
3Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
4Does this rule conflict with any existing rules?
Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
15.3.3 Key Fields For Configuring Rules15.3.3.1 Action
Should the action be to Block or Forward?
Note: “Block” means the firewall silently discards the packet.
15.3.3.2 Service
Select the service from the Service scrolling list box. If the service is not listed, it is necessary to first define it. See “Predefined Services” on page 206 for more information on predefined services.
15.3.3.3 Source Address
What is the connection’s source address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet?
15.3.3.4 Destination Address
What is the connection’s destination address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet?
Chapter 15 Firewall Screens | 194 |