Feature #2705

Updated by Giacomo Sanchietti over 5 years ago

Firewall should implement a simple way to describe reusable objects.

Firewall module uses these system objects:
* Host
* Group of host
* Zone
* Service

A host is an already defined entry inside the @hosts@ db, or a new key of type @host@:
<pre>
name=host
IpAddress=IP
Description=
</pre>

A @host-group@ is a group of hosts inside the @hosts@ db. A @host-group@ db entry can be something like:
<pre>
name=host-group
Members=host1,host2
</pre>

A zone represents a network zone, which can be associated with an interface or a set of IP addresses. A @zone@ entry in the @networks@ database can be something like:
<pre>
name=zone
Network=CIDR
Interface=ethX
</pre>

A configured network interface is automatically a zone.

A service can have a protocol and one or more ports. A @service@ entry in @fwservices@ database can be something like:
<pre>
name=fwservice
Protocol=TCP/UDP/TCPUDP/ICMP
Ports=port/port range
</pre>
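As an added example (not part of this issue or of the NethServer code), a small Python checker that parses records in the format above and verifies what a firewall would rely on: host addresses parse, every @host-group@ member resolves to a defined host, a zone has an interface or a well-formed CIDR network, and a service has a known protocol with sane ports. The @key=@ line naming each object and the @low-high@ port range syntax are assumptions; the sample records are constructed.

```python
import ipaddress
# Constructed sample in the format above; the 'key=' line naming each object is an assumption.
SAMPLE = "\n\n".join([
    "name=host\nkey=webserver\nIpAddress=192.168.1.10\nDescription=",
    "name=host-group\nkey=webfarm\nMembers=webserver,db01",
    "name=zone\nkey=dmz\nNetwork=10.0.5.0/24\nInterface=eth2",
    "name=fwservice\nkey=ping\nProtocol=ICMP\nPorts=8",
])

def parse_db(text):
    """Split blank-line separated key=value blocks; 'name' holds the object type."""
    blocks = [b for b in text.strip().split("\n\n") if b.strip()]
    return [dict(line.split("=", 1) for line in b.strip().splitlines()) for b in blocks]

def parses(parser, value):
    # True when the ipaddress parser accepts value (IP for hosts, strict CIDR for zones)
    try:
        parser(value)
        return True
    except ValueError:
        return False

def port_ok(spec):
    """A single port or a 'low-high' range (range syntax is assumed) within 1..65535."""
    lo, _, hi = spec.partition("-")
    hi = hi or lo
    return lo.isdigit() and hi.isdigit() and 1 <= int(lo) <= int(hi) <= 65535

def validate(records):
    """Return the consistency problems found; an empty list means the objects are usable."""
    hosts, errors = {r["key"] for r in records if r.get("name") == "host"}, []
    for r in records:
        kind, key = r.get("name"), r.get("key", "?")
        if kind == "host" and not parses(ipaddress.ip_address, r.get("IpAddress", "")):
            errors.append(f"host {key}: invalid IpAddress")
        elif kind == "host-group":  # every member must resolve to a defined host
            errors += [f"host-group {key}: unknown member {m}"
                       for m in r.get("Members", "").split(",") if m not in hosts]
        elif kind == "zone" and not (r.get("Interface")
                                     or parses(ipaddress.ip_network, r.get("Network", ""))):
            errors.append(f"zone {key}: needs an Interface or a valid Network (CIDR)")
        elif kind == "fwservice":
            proto, ports = r.get("Protocol"), r.get("Ports", "")
            if proto not in {"TCP", "UDP", "TCPUDP", "ICMP"}:
                errors.append(f"fwservice {key}: unknown Protocol {proto!r}")
            elif proto == "ICMP" and ports:
                errors.append(f"fwservice {key}: ICMP has no Ports")
            elif proto != "ICMP" and not all(port_ok(p) for p in ports.split(",")):
                errors.append(f"fwservice {key}: bad Ports {ports!r}")
    return errors
```

Running `validate(parse_db(SAMPLE))` reports the dangling @db01@ member and the ICMP service that carries ports; a clean object set returns an empty list.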
