A.4.2.1. Adding new packet filter chains and rules

The packet filter ruleset can be managed on the Ruleset tab of the Packet filter MC component.

The ruleset consists of four basic elements that are organized into a tree. The four elements can be found on different levels of the layout tree.

  1. The root elements are the tables which are fixed and cannot be modified in any way.

  2. Each table holds a number of table-specific chains. Both types of chains, built-in and user-defined chains, are on the second level of the tree. Built-in chains cannot be deleted and only their default policy can be modified. To add a new chain to a table, select the table and click New Child. Alternatively, you can select an existing chain of the table and click New.

    The order of the chains in the table is not important and does not influence the behavior of the ruleset.

  3. The child entries of the chains are the rules. To create a new rule in a chain, select the chain and click New Child. Alternatively, you can select an existing rule of the chain and click New. For easier overview and management, the rules can be grouped together. Groups and rules that do not belong to any group appear on the third level of the tree. To create a group from the rules, select the rules you want to group, right-click the selected rules, and select Group from the local menu.

  4. Rules that belong to a group appear on the fourth level of the tree.

Each rule is represented as a row in the table together with its properties (matches and targets) in the columns. Unlike the order of the chains, the order of the rules is important. The order can be changed with the small triangle buttons on the right. To create a rule, the matches and the targets need to be configured. To modify a rule, double-click the rule and change the match and target part. The most commonly used matches and targets can be set on the General options tab, while other rarely used matches can be configured on the Advanced options tab.

For further information on the matches and targets, see the iptables(8) manpage and Appendix C, Further readings.
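The ordering behaviour described above (chain order within a table is irrelevant, rule order within a chain is decisive) follows from iptables evaluating a chain top-down and stopping at the first matching rule with a terminating target. The Python model below is an added example, not part of the product or of iptables; the chain name mgmt, the addresses and the rules are constructed for illustration.

```python
# Added example: constructed rules and packets, not taken from any real ruleset.
TERMINATING = ("ACCEPT", "DROP")

def evaluate(chains, policy, start, packet):
    """Return the verdict for `packet` entering built-in chain `start`.

    chains: {chain name: [(match dict, target), ...]} for one table
    policy: default policy of `start`, used when no rule decides
    target: ACCEPT, DROP, RETURN, or the name of a user-defined chain
    """
    def walk(name):
        for match, target in chains[name]:
            if any(packet.get(k) != v for k, v in match.items()):
                continue                  # no match: try the next rule
            if target in TERMINATING:
                return target             # first matching rule decides
            if target == "RETURN":
                return None               # back to the calling chain
            verdict = walk(target)        # jump into a user-defined chain
            if verdict is not None:
                return verdict
        return None                       # end of chain: back to the caller
    return walk(start) or policy

# Hypothetical rules: a jump to the user-defined chain "mgmt" and a blanket SSH drop.
JUMP_MGMT = ({"proto": "tcp", "dport": 22}, "mgmt")
DROP_SSH = ({"proto": "tcp", "dport": 22}, "DROP")
MGMT_RULES = [({"src": "10.0.0.5"}, "ACCEPT")]

ADMIN_SSH = {"src": "10.0.0.5", "proto": "tcp", "dport": 22}   # constructed packet
OTHER_SSH = {"src": "192.0.2.7", "proto": "tcp", "dport": 22}  # constructed packet

def verdict(input_rules, packet, mgmt_first=False):
    """Build the table with the chains defined in either order and evaluate."""
    pairs = [("INPUT", input_rules), ("mgmt", MGMT_RULES)]
    chains = dict(reversed(pairs) if mgmt_first else pairs)
    return evaluate(chains, "DROP", "INPUT", packet)

if __name__ == "__main__":
    for rules in ([JUMP_MGMT, DROP_SSH], [DROP_SSH, JUMP_MGMT]):
        for first in (False, True):
            print([t for _, t in rules], "mgmt first:", first,
                  verdict(rules, ADMIN_SSH, first))
```

Swapping the two INPUT rules turns the administrator's SSH packet from ACCEPT into DROP, while defining the mgmt chain before or after INPUT leaves every verdict unchanged.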

Tip

The direction of a rule can be changed by selecting Swap directions from the local menu.