A firewall is a software stack that controls and filters traffic according to its ruleset. The main goal of the firewall is to protect networks and their nodes from unauthorized access. In ICS CUBE, the firewall is also responsible for NAT and port forwarding.
On the module's start page you can see its status, the “Disable” button (or “Enable”, if the module is disabled) and the latest log messages.
Attention! If you turn the firewall off, only NAT rules remain in effect. All rules that block undesirable access will be turned off as well, which may lead to a security breach. It is highly recommended to turn the firewall off only when it is truly necessary.
Also remember that after a server reboot with the firewall turned off, the pf rules, including NAT rules, will be cleared completely; in this case users will not be able to access the Internet via any protocol except HTTP.
The “Settings” tab allows you to set basic access to ICS CUBE without creating additional firewall rules. You can specify IP addresses or subnets that are allowed to access the ICS CUBE web interface and the recovery console via SSH. If you want to allow access to ICS CUBE from everywhere, you can set the 0.0.0.0/0 subnet. Attention! Such a setting is considered insecure, since everyone can then try to access the system. Before allowing such access, it is highly recommended to change the password to a strong one (at least 8 characters, including digits and both upper- and lower-case letters).
The “Maximum active connections allowed” setting limits the total number of connections to the system.
The “Firewall mode” parameter defines which module, pf or ipfw, comes first. In some cases VPN connections through ICS CUBE can be disrupted by NAT in the pf module. In that case you can change the start-up sequence to pf→ipfw.
The “Rule” tab is the system administrator's main instrument for setting up the firewall. It is divided into two parts: the interfaces list (tree-like) and the list of rules itself. When you click an interface, you will see the rules associated with it. If necessary, the interfaces list can be hidden using the arrow button in the middle of the divider.
Firewall rules are grouped as follows:
By default, all connections from outside are blocked by the firewall. During installation several standard rules are created that are crucial for the main services: mail server (ports 25, 110, 143), FTP server (ports 21 and 10000-10030), web server (port 80), DNS server (port 53 UDP) and VPN server (port 1723 and the GRE protocol). There are also two additional default allow rules: access to Samba resources (ports 139, 445) and DNS zone transfers (port 53 TCP), as well as the rule that allows ICMP requests. These rules are not mandatory; you can disable, edit or delete them if necessary.
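The access restriction from the “Settings” tab and the default service rules listed above, written out as a stand-alone pf ruleset so the policy can be read in one place: default deny inbound, the listed allow rules, NAT for the LAN, and management access limited to an admin subnet instead of 0.0.0.0/0. This is an added example, not ICS CUBE's own generated configuration; the interface names em0/em1, the LAN and admin subnets, and the management ports 80/443/22 are assumptions.

```pf
# Added example, not the ruleset ICS CUBE generates.
# Interface names and subnets below are assumptions.
ext_if  = "em0"                 # assumed WAN interface
int_if  = "em1"                 # assumed LAN interface
lan_net = "192.168.1.0/24"      # assumed LAN subnet

# Equivalent of the "Settings" tab: hosts allowed to reach the web interface
# and the recovery console over ssh. Keep this narrow; 0.0.0.0/0 here would
# let anyone on the Internet try the management logins.
table <admin_nets> { 192.168.1.0/24 }

# Port groups from the default rules on this page
mail_ports  = "{ 25, 110, 143 }"
ftp_ports   = "{ 21, 10000:10030 }"
samba_ports = "{ 139, 445 }"

set skip on lo0
scrub in all

# NAT for LAN clients behind the external interface
nat on $ext_if from $lan_net to any -> ($ext_if)

# Default policy: block every inbound connection and log it
block in log all
pass out quick keep state

# Management access (web interface and ssh) only from <admin_nets>;
# "quick" stops evaluation so no later rule can widen it
pass in quick on $int_if proto tcp from <admin_nets> to ($int_if) port { 80, 443, 22 } keep state

# Default allow rules created at installation
pass in on $ext_if proto tcp to ($ext_if) port $mail_ports keep state   # mail server
pass in on $ext_if proto tcp to ($ext_if) port $ftp_ports keep state    # FTP and its passive range
pass in on $ext_if proto tcp to ($ext_if) port 80 keep state            # web server
pass in on $ext_if proto udp to ($ext_if) port 53                       # DNS queries
pass in on $ext_if proto tcp to ($ext_if) port 1723 keep state          # VPN (PPTP control)
pass in on $ext_if proto gre                                            # VPN (GRE tunnel)

# Optional rules; the page notes these may be disabled or deleted
pass in on $int_if proto tcp from $lan_net to ($int_if) port $samba_ports keep state  # Samba
pass in on $ext_if proto tcp to ($ext_if) port 53 keep state            # DNS zone transfer
pass in inet proto icmp icmp-type echoreq                               # ICMP echo requests
```

`pfctl -nf pf.conf` parses the file without loading it, which is a quick syntax check before applying a ruleset. Because pf uses last-match semantics, `block in log all` near the top is overridden only by the explicit `pass` rules that follow it, and everything else that arrives inbound is dropped and logged.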
The “Events” tab shows everything that happens with the firewall. It is divided into pages; you can navigate between them with the “Next” and “Previous” buttons, or enter a page number into the appropriate field to go directly to it. In the top right corner there is a search field which you can use to look for specific records. The tab always shows events for the current date. To check another day's events, choose the date in the calendar in the top left corner of the module.
On the right side of the top panel there is a drop-down menu “Messages”, which filters the event list by category: system messages, service messages, errors, other messages.