Let's take a look at the policy of the template firewall. These rules
are intended as an example, a starting point to help you create your
own policy more quickly. Most likely you will want to modify them to
suit your requirements. The explanation of the rules given here is
rather brief because the goal of this tutorial is only to demonstrate
how to use Firewall Builder; a detailed discussion of the rules would
make the tutorial much longer.
- Rule 0: this is an anti-spoofing rule. It blocks incoming packets
whose source address matches an address of the firewall itself or of
the internal or DMZ networks. The rule is associated with the outside
interface and has its direction set to "Inbound".
- Rule 1: this rule permits any packets on the loopback interface. This
is necessary because many services on the firewall machine communicate
back to the same machine via loopback.
- Rule 2: permit ssh access from the internal network to the firewall
machine. Notice the service object "ssh" in the "Service" column. This
object can be found in the Standard objects library, in the folder
Services/TCP.
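To make the semantics of these three rules concrete, the following is an added example (not code from the tutorial or from Firewall Builder itself) that models the policy as an ordered, first-match list and evaluates sample packets against it. The interface names (eth0, eth1, lo), the firewall addresses and the internal/DMZ network ranges are constructed placeholders, and a default-deny policy after the last rule is an assumption; the tutorial states none of these.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Tuple

# Constructed topology (assumptions, not from the tutorial). Addresses use
# documentation/private ranges so the example runs offline.
FW_ADDRESSES = {ip_address("203.0.113.2"),   # outside address of the firewall
                ip_address("192.168.1.1"),   # internal-facing address
                ip_address("10.0.0.1")}      # DMZ-facing address
INTERNAL_NET = ip_network("192.168.1.0/24")
DMZ_NET = ip_network("10.0.0.0/24")
OUTSIDE_IFACE = "eth0"    # interface Rule 0 is bound to
LOOPBACK_IFACE = "lo"
SSH_PORT = 22             # the Standard library "ssh" service object: TCP/22


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet is seen on
    direction: str        # "in" (inbound) or "out" (outbound)
    src: str
    dst: str
    proto: str = "tcp"
    dport: Optional[int] = None


def is_spoofed_source(src: str) -> bool:
    """Rule 0's match condition: a source that claims to be the firewall,
    the internal network or the DMZ must never arrive on the outside interface."""
    addr = ip_address(src)
    return addr in FW_ADDRESSES or addr in INTERNAL_NET or addr in DMZ_NET


def rule0(p: Packet) -> Optional[str]:
    # Anti-spoofing: outside interface, inbound direction only.
    if p.iface == OUTSIDE_IFACE and p.direction == "in" and is_spoofed_source(p.src):
        return "Deny"
    return None


def rule1(p: Packet) -> Optional[str]:
    # Permit everything on loopback, both directions.
    return "Accept" if p.iface == LOOPBACK_IFACE else None


def rule2(p: Packet) -> Optional[str]:
    # ssh from the internal network to any address of the firewall itself.
    if (ip_address(p.src) in INTERNAL_NET and ip_address(p.dst) in FW_ADDRESSES
            and p.proto == "tcp" and p.dport == SSH_PORT):
        return "Accept"
    return None


# Ordered policy: first matching rule decides, as in the template.
POLICY: List[Tuple[str, Callable[[Packet], Optional[str]]]] = [
    ("Rule 0", rule0),
    ("Rule 1", rule1),
    ("Rule 2", rule2),
]


def evaluate(p: Packet) -> Tuple[str, str]:
    """Return (matching rule name, action); default deny is assumed."""
    for name, rule in POLICY:
        action = rule(p)
        if action is not None:
            return name, action
    return "default", "Deny"


if __name__ == "__main__":
    samples = [
        # Spoofed: internal source address arriving on the outside interface.
        Packet("eth0", "in", "192.168.1.50", "203.0.113.2", dport=22),
        # Local service talking to itself over loopback.
        Packet("lo", "in", "127.0.0.1", "127.0.0.1"),
        # Legitimate ssh from the internal network on the internal interface.
        Packet("eth1", "in", "192.168.1.50", "192.168.1.1", dport=22),
        # Unrelated inbound traffic from the Internet.
        Packet("eth0", "in", "198.51.100.7", "203.0.113.2", dport=22),
    ]
    for s in samples:
        print(s.iface, s.direction, s.src, "->", s.dst, s.dport, "=>", evaluate(s))
```

The first sample is worth noting: the source address is in the internal network and the destination is the firewall on TCP/22, so Rule 2 alone would accept it, but because Rule 0 sits first and is bound to the outside interface, the packet is dropped before Rule 2 is consulted. That ordering is the point of placing the anti-spoofing rule at the top of the policy.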