This subsection allows you to configure the Outgoing Firewall settings for Endian Firewall.
You can globally ALLOW outgoing traffic to RED (Internet) or set the single port for the outgoing traffic.
The following services are allowed by default from the GREEN zone:
HTTP
HTTPS
FTP
SMTP
POP3
IMAP
DNS
DNS is also allowed by default for all other zones.
If you like to add a rule open the Add a new rule dialogue, which will be described below:
- Remark
You may add a remark which then helps you to easier identify the rule within the Current rule list.
- Enabled
Tick this box on to enable the current rule. You may temporarily disable a rule by ticking it off.
- Protocol
The drop down list allows you to choose which protocol this rule will follow. Possible values are UDP and TCP. Most regular servers use TCP. Some game servers and chat servers use UDP. If the protocol is not specified in the server documentation, then it is usually TCP.
- Policy
Select the policy you set for this rule. Possible values are:
ALLOW - Allows the traffic which applies to the rule.
DENY - Silently blocks the traffic which applies to the rule. Dropped connections will be logged by default. You can toggle that off in the Log main menu.
- Source Net
This drop down list allows you to choose a whole zone as source net. You will find listed every zone the firewall knows, except the RED one, since that per design of the outgoing firewall of course always is the destination zone. If you like to define the rule more precisely and allow only an IP address, then select use source IP address.
- Source IP address
This is optional if you choose a zone before. You can specify an IP address, for example 10.1.1.3, or a network like 10.1.1.0/24, which you want to allow or disallow to access RED.
- Log packets which satisfy this rule
Tick this on if you want the firewall to log all connection attempts which satisfy the rule. This for example is convenient for testing purposes.
Note
In some countries this may be illegal.
- MAC address
This is optional. You may fill in the MAC address of a network card which is allowed or disallowed to pass through. If you do not want to specify both, IP address and MAC address, but only the MAC address, then simply select a zone within the source net and leave the source IP address field blank.
- Destination IP address
This is optional. If you want to limit or deny access to a specific remote address you may fill in an IP address like 68.163.90.13 or a network like 68.163.75.0/24.
- Destination port
This is probably the most important field for you, however it is nevertheless optional. Fill in a destination port if you want this rule to be limited to a remote service. For example you can create a rule which allows access to all HTTP (web) servers, by specifying port 80 and leaving all other fields empty.
Once you have entered all the information press . This will move the rule to the next section, and list it as an active rule.
Current rules lists the rules that are in effect. To remove one, click the Trash can icon. To edit one, click the Pencil icon. To enable or disable a rule - click on the Enabled icon (the checkbox in the Action column) for the particular entry you want to enable or disable. The icon changes to an empty box when a rule is disabled. Click again on the checkbox to re-enable it.
On top of the table there is a checkbox labeled Log accepted outgoing connections. Tick this checkbox on if you want the firewall to log all connections which have been established or tried to and successfully passed the firewall without being blocked.
Note
Enabling this may not be legal in some countries, but in some other countries this is compulsory.
You can globally allow outgoing traffic from all zones to the Internet by simply answering yes to the question disable outgoing firewall ? in the drop down menu below and then clicking on the save button.
You can go back to the default settings which limit access to RED by answering yes to the question enable outgoing firewall ? in the drop down menu below and then clicking on the save button.
You will notice a single checkbox, labeled Log accepted outgoing connections. Tick this checkbox on if you want the firewall to log all connections which have been established or tried to and successfully passed the firewall without being blocked.
Note
Enabling this may not be legal in some countries, but in some other countries this is compulsory.
This page was last modified on: $Date$.