Glacier

Firewall

Introduction

Simple Firewall example.
Configuring firewall rules

Glacier offers firewalling features using Access Control Lists (ACLs), which create a chain of criteria that is matched against an incoming connection's properties. ACLs can be applied to an interface as a whole and can be overridden on a per-incoming-port basis. This gives you full control over the matching algorithm, because you can specify criteria at two levels of detail: a connection is first matched against the interface ACL, then it is subjected to matching against the incoming port ACL.

The Glacier firewall engine distinguishes the following four types of matching criteria:

  • Remote host address, which determines whether the address that initiates the connection matches a predefined address. An example matching value would be "10.0.0.10".
  • Remote network mask, which checks whether the initiating address originates from a predefined submask. Examples of a matching value are "192.168.0." and "10.".
  • Remote source port, which ensures that the originating TCP source port is within a specified range, for instance "6000-8000".
  • Timespan, which ensures that a connection is initiated only during certain hours. An example is "1800-2400" which would only match connections made during the afternoon.

Single ACL rules can be chained together using boolean operator logic to combine multiple criteria.
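The following Python sketch models the matching described above. It is an added example, not Glacier's own code or configuration format. Assumptions: the rule tuple layout, left-to-right evaluation of the boolean chain, textual prefix matching for network masks, an empty chain matching nothing, and a connection having to pass both the interface ACL and the port ACL when one is set. The sample ACLs are constructed from the example values on this page.

```python
from dataclasses import dataclass

@dataclass
class Conn:
    host: str   # remote address, dotted quad
    sport: int  # remote TCP source port
    hhmm: int   # time the connection was initiated, as HHMM (e.g. 1830)

def _in_range(spec, value):
    lo, hi = (int(x) for x in spec.split("-"))
    return lo <= value <= hi

# One matcher per criterion type listed on the page.
MATCHERS = {
    "host": lambda v, c: c.host == v,
    # Assumed textual prefix match: the trailing dot matters, because
    # "10" would also match 100.x.x.x while "10." does not.
    "mask": lambda v, c: c.host.startswith(v),
    "port": lambda v, c: _in_range(v, c.sport),
    "time": lambda v, c: _in_range(v, c.hhmm),
}

def match_acl(chain, conn):
    """chain is [(op, kind, value), ...]; op of the first rule is ignored.
    Rules are combined left to right without precedence (assumption)."""
    result = None
    for op, kind, value in chain:
        hit = MATCHERS[kind](value, conn)
        if result is None:
            result = hit
        elif op == "and":
            result = result and hit
        elif op == "or":
            result = result or hit
        else:
            raise ValueError(f"unknown operator: {op}")
    return bool(result)  # empty chain matches nothing

def accept(conn, iface_acl, port_acl=None):
    # Interface ACL first, then the incoming port ACL if one is defined.
    if not match_acl(iface_acl, conn):
        return False
    return port_acl is None or match_acl(port_acl, conn)

# Constructed sample ACLs using the page's example values.
IFACE_ACL = [(None, "mask", "192.168.0."), ("or", "host", "10.0.0.10")]
PORT_ACL = [(None, "port", "6000-8000"), ("and", "time", "1800-2400")]
```

When auditing mask rules, check that each value ends on an octet boundary, since a prefix without the trailing dot admits more address space than intended.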

Let Glacier help you

Adding a Firewall rule.
Graphically adding an ACL rule

Adding firewall rules is as easy as clicking your way through a simple dialog, as in the screenshot on the right; there is no need for a text editor. As you can see, the dialog provides you with a relevant set of options. You needn't remember configuration details or available options, because all settings are conveniently stored in drop-down combo boxes.

What's more: Glacier provides a helpful tooltip, a small passive popup message on the "Match against" field so you can easily find out what kind of value you need to provide for the selected ACL rule type.
