This section of the Smoothwall Firewall is where you manage the rules that control access to the services running on the Smoothwall Filter and Firewall hardware appliance itself. They are separate from the main Smoothwall Firewall rules section that handle outgoing traffic through the Smoothwall Filter and Firewall. Access rules control access to services running on the Smoothwall Firewall for both internal and external traffic. For example, you can add access rules where network traffic uses the following path through the Smoothwall Filter and Firewall.
The access rules are organized into sections. There's a default access rules section and a catch-all section, which contains the default rules that are present on fresh installation. If you have upgraded from a previous version of the Smoothwall Filter and Firewall, you should also see sections containing any migrated rules.
Access rules are applied from top to bottom meaning the logic of the top role supersedes the next one down. The catch-all rule is set to reject all traffic because it is placed at the bottom of all the rules it ensures that anything not allowed in a rule before is rejected. This default only applies to services managed within the access rules. It doesn't apply to general internet traffic managed elsewhere, see the full list of Smoothwall Filter and Firewall services that are managed by access rules.
Default access rules
Default | Description |
---|---|
Migrated external access rule | Any Smoothwall Filter and Firewall that has been installed prior to the Inverness Castle release, have this rule available by default. Any previous external access rules configured are amalgamated into the Migrated external access rule. |
Allow ICMP | Internet Control Message Protocol (ICMP) is used by network devices to send error messages. ICMP is allowed through all interfaces by default, but you can adjust this to suit your organizational needs. |
Default rule | Handles all "other" network traffic from allowed services to this Smoothwall Filter and Firewall that doesn't match any other access rule. You can't delete this rule, but it can be edited to suit your organizational needs. |