3.3.9. Disabling rules and objects

During the management and maintenance of the firewall host it is often useful to be able to temporarily turn off certain rules, policies, and so on. In Zorp this feature is implemented via the Disable/Enable options of the local menus. To display the local menu of a rule or object, right-click on the object. For example, a packet filter rule that is only rarely used can be simply disabled when it is not required, to be enabled again when it is required. Disabled rules and objects are generated into the configuration file as comments with the # prefix.

Disabled objects can be edited, modified similarly to any other objects. However, their validity (whether for example, the required parameters are filled, their name is unique, and so on) is checked only when they are enabled again.

The following objects can be disabled in the various ZMC components:

Host:

Packet filter:

Disabling a group automatically disables its childrens as well.

Note

Generated rules do not remain disabled after skeleton generation.

Zorp:

Networking:

Date and time:

Content vectoring:

ZAS:

  • Routers

Heartbeat:

  • Resources

IPSec VPN:

  • Connections

Mail transport:

  • Listen interfaces

  • Transport maps

  • Virtual maps

  • Sender address restrictions

  • Recipient address restrictions