4Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
5Does this rule conflict with any existing rules?
6Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
11.3.3Key Fields For Configuring Rules
11.3.3.1 Action
Should the action be to Block or Forward? “Block” means the firewall silently discards the packet.
11.3.3.2 Service
Select the service from the Service scrolling list box. If the service is not listed, it is necessary to first define it. See Section 11.10 on page 126 for more information on predefined services.
11.3.3.3 Source Address
What is the connection’s source address; is it on the LAN, WAN? Is it a single IP, a range of IPs or a subnet?
11.3.3.4 Destination Address
What is the connection’s destination address; is it on the LAN, WAN? Is it a single IP, a range of IPs or a subnet?
11.4 Connection Direction
This section describes examples for firewall rules for connections going from LAN to WAN and from WAN to LAN.
LAN to LAN/ Router, WAN to WAN/ Router rules apply to packets coming in on the associated interface (LAN, WAN respectively). LAN to LAN/ Router means policies for
11.4.1 LAN to WAN Rules
The default rule for LAN to WAN traffic is that all users on the LAN are allowed non- restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN. WAN to LAN Rules
Chapter 11 Firewall Configuration | 114 |