A.4.2. Modifying the ruleset

Modifying the ruleset means creating new rules or chains, modifying some of their parameters, or deleting them. This component provides a clean interface for these tasks.

Note

Packet filtering rules are created and managed automatically by ZMS. Modifying them manually is usually neither required nor recommended. If traffic has to be transferred without application-level inspection, create a packet filter service (see Procedure 6.4.1, Creating a new service for details). To enable access to services running on firewall hosts (e.g., SSH access), see Section 9.4, Local services on Zorp.

Typically, the packet filtering rules have to be modified when traffic has to be forwarded without terminating it on Zorp, for example, when forwarding IPSec VPN connections.