This subsection allows you to configure the External Access settings for the Endian Firewall machine itself. This is 100% optional, so you may safely ignore this section if you do not wish to make use of this feature.
External Access only controls access to the Endian Firewall box. It has no affect on the GREEN, BLUE or ORANGE network access. That is controlled in the Port Forwarding section, as described above.
If you wish to maintain your EFW machine remotely, you should enable access on TCP port 10443, https. If you have enabled ssh access, you can also enable TCP port 22, ssh.
The following describes the configuration fields of the Add a new rule box:
- Protocol
The drop down list allows you to choose which protocol this rule will follow. Possible values are TCP and UDP. Most regular servers use TCP. If the protocol is not specified in the server documentation then it is usually TCP.
- Source IP, or network (blank for "ALL")
This is the IP address of the external machine(s) you want to give permission to access your firewall. You may leave this blank, which allows any IP address to connect. Although dangerous, this is useful if you want to maintain your machine from anywhere in the world. However, if you can limit the IP addresses for remote maintenance, only these IP addresses or networks should be listed in this box.
- Destination Port
This is the external port that they are allowed to access, i.e. 10443.
- Destination IP
This dropdown menu allows you to choose which RED IP this rule will affect. Endian Firewall has the capability of handling more than one RED IP. If you only have one RED IP set up then choose Default IP.
- Enabled
Tick this box on to enable the current rule. You may temporarily disable a rule by ticking it off.
Once you have entered all the information press . This will move the rule to the next section, and list it as an active rule.
Current rules lists all the rules that have been created. To remove one, click the Trash Can icon. To edit one, click the Yellow Pencil icon.
To enable or disable a rule - click on the Enabled icon (the checkbox in the Action column) for the particular entry you want to enable or disable. The icon changes to an empty box when a rule is disabled. Click again on the checkbox to re-enable it.
Note
By default the port 113 will be opened. This is a dirty solution to make connections faster. Since many services use an old unsafe protocol (ident) to fulfill standards, which asks for the remote user who has established the connection to the service and most machines do not support this service anymore, connections need a long time to successfully establish, since the ident request needs to timeout because the firewall drops those packets. This rule opens the ident port, so the kernel can promptly reject the ident packet and there is no need to timeout. Currently this is the only possibility since there is not yet a support to reject packets. Endian Firewall supports only silently dropping them.