3.1.9.3.4. Rules

Rules can be created to allow or deny traffic between computers, on specific ports, etc. Each rule specifies the source and destination zones, interfaces, protocols and ports.

This view displays the Action, Source, Protocol, Destination, Destination ports, Source ports, Original destination, and Description parameters.

There is a default rule, included as part of the OpenNAC Core, that is pre-configured in the VPNGW without the need for any additional setup. You can see this rule in the image below:

../../../../_images/farm_rule.png


Clicking the Add new button displays the following configuration window:

../../../../_images/add_new_rule.png


  • Action: Select the instruction of the rule (ACCEPT, DNAT, DROP, LOG & ACCEPT, LOG & REJECT, REDIRECT, REJECT).

  • Source zone: Select the source zone. You will select a zone from the ones you have previously created.

  • Source hosts: Select the source host.

  • Protocol: Select the rule protocol (All, TCP, UDP, ICMP, ESP).

  • Destination zone: Select the destination zone. You will select a zone from the ones you have previously created.

  • Destination hosts: Select a destination host for the rule.

  • Destination ports: Select a destination port for the rule.

  • Source ports: Indicate the source ports.

  • Original destination: Select the original destination.

  • Description: Add a description to the rule.

  • Active: Flag to enable or disable the rule.

Clicking the Clone button clones the selected rule and opens a configuration window with its parameters. This way you can edit it and create a new rule based on the cloned one.

You can also edit, delete, enable, and disable rules using the corresponding buttons located in the top row of this view.