How to create an outgoing rule in the new consolidated Firewall rules page.
The Inverness release saw the firewall-related pages in the Smoothwall being consolidated. The previous pages for setting up an outgoing firewall policy (Network > Outgoing > Ports and Network > Outgoing > Policies) have been amalgamated into the new firewall page (Network > Firewall > Firewall rules) which determines how traffic is routed through the Smoothwall.
- The Network > Outgoing > Ports page has been replaced with the Network > Settings > Service object manager page. Ensure a service object exists for the relevant services and ports for this rule. See our knowledge base article, How do I Create an Outbound Policy in the New Firewall?.
Tip: It is possible to skip this step, go straight into creating a new firewall rule, and add a service object half-way through.
- Go to Network > Firewall > Firewall rules.
- Create a firewall rule, noting the following:
- Source IP addresses Select those IP addresses from which access is permitted. Leave this parameter blank to match traffic coming from all IP addresses.
- Destination IP addresses Select those IP addresses to which access is permitted. Leave this parameter blank to allow traffic all IP addresses.
- Services Select those service objects, previously Ports and Protocols, relevant for this rule.
- Action From the drop-down list, select Accept.
The above creates a firewall rule that mirrors the behavior from the pre-Inverness Smoothwalls, that is, control the flow of traffic to an external network, such as, the internet.
Tip: Firewall rules are applied in a top-down approach. Move this rule above any block rules you have in place.
With the new consolidated firewall, you can also:
- If using an IP address range or subnet for Source IP address or Destination IP address you can exclude IP addresses in that range from matching the rule.
- Specify the Inbound interfaces to match traffic originating from those interfaces. Leave this parameter blank to match traffic coming from any interface, or combine this parameter with Source IP addresses to match traffic using the interface but only if it originates from those addresses.
- Specify the Outbound interfaces to block all traffic going to those specified. You can use this parameter instead of Destination IP addresses to match all traffic using these interfaces, or leave this parameter blank to match traffic going to any interface.
- Specify the Applications (Apps) that matching traffic uses. Traffic from specified applications is either blocked or rejected. Leave this parameter blank to match traffic from any application.
- Specify the user Groups that matching traffic originates from. Leave this parameter blank to match traffic from any group.
See our help topic, Adding new Firewall rules.