13. Firewall rules

Starting with DynFi Manager version 24.0, it is possible to view the rules of each connected firewall. The rule list is available for each device: choose “Rules” in the device menu.

Rules are presented for each interface separately, with floating rules grouped in their own section. For each interface, it’s also possible to show / hide:

  • Floating rules which affect this interface,

  • Internal rules generated by the firewall or its plugins, which affect this interface.

Some rule attributes are presented as icons to save space. Each icon (and some non-icon attributes) has a tooltip explaining its meaning. For alias-based rules, it is possible to check the source / destination alias without leaving the rule list.

For a detailed explanation of each rule attribute, please consult your firewall documentation.

[Figure: rule list overview (overview.png)]

13.1. Limiting access to the rules

In some cases it may be desirable to hide certain firewall rules from a group of DynFi Manager users. There are four permissions which affect rules:

  • Create - allows a user to download new rules from the firewall (and create new rules in future DynFi Manager versions),

  • Read - allows a user to view non-restricted rules,

  • Read restricted rules - allows a user to view all rules,

  • Restrict rules - allows a user to restrict the visibility of rules.

To hide a set of rules from a group of users, first create a role with the “Read” permission for rules (and none of the other three) and assign this role to the selected users. Then, on the Rules list, use the “Restrict rules” button to enter admin mode and select the rules to hide. You can select rules on multiple interfaces before confirming the selection. Rules which are already hidden are preselected.

Please note that the button is only visible to administrators and to users with the “Restrict rules” permission.

[Figure: “Restrict rules” mode (manage_restrictions.png)]

Once you confirm your selection, the rules are restricted. Administrators and users with the “Read restricted rules” permission see restricted rules marked with a red padlock icon. Users who have only the “Read” permission do not see these rules at all.

[Figure: Admin view of restricted rules (restricted.png)]
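The visibility rules described in this section, written out as a small model. This is an added illustration, not DynFi Manager code: the Rule and User classes, the sample rules and the use of the rule description as an identifier are assumptions made for the example; only the four permission names and their effects come from the page.

```python
from dataclasses import dataclass, replace
from typing import FrozenSet, List, Set, Tuple

# The four rule permissions described on this page.
CREATE, READ, READ_RESTRICTED, RESTRICT = (
    "create", "read", "read restricted rules", "restrict rules")

@dataclass(frozen=True)
class Rule:                   # hypothetical model of one firewall rule
    interface: str            # "wan", "lan", "floating", ...
    description: str
    restricted: bool = False  # set via "Restrict rules" mode

@dataclass(frozen=True)
class User:                   # hypothetical model of a DynFi Manager user
    name: str
    is_admin: bool = False
    permissions: FrozenSet[str] = frozenset()

    def has(self, permission: str) -> bool:
        # An administrator implicitly holds every rule permission.
        return self.is_admin or permission in self.permissions

def shows_restrict_button(user: User) -> bool:
    """The "Restrict rules" button is visible to admins and holders of that permission."""
    return user.has(RESTRICT)

def visible_rules(user: User, rules: List[Rule]) -> List[Tuple[Rule, bool]]:
    """Return (rule, show_padlock) pairs as the rule list would render them."""
    if user.has(READ_RESTRICTED):   # sees all rules; restricted ones get a padlock
        return [(r, r.restricted) for r in rules]
    if user.has(READ):              # restricted rules are omitted entirely
        return [(r, False) for r in rules if not r.restricted]
    return []                       # no rule permission at all

def confirm_restriction(actor: User, rules: List[Rule], hidden: Set[str]) -> List[Rule]:
    """Apply a confirmed "Restrict rules" selection (rules identified by description).
    Already-hidden rules are preselected, so the confirmed set replaces the old one."""
    if not shows_restrict_button(actor):
        raise PermissionError(f"{actor.name} lacks the '{RESTRICT}' permission")
    return [replace(r, restricted=r.description in hidden) for r in rules]

# Constructed sample data (not from the page): two interfaces plus a floating rule.
SAMPLE_RULES = [Rule("wan", "allow https from branch"), Rule("wan", "allow ssh from jump host"),
                Rule("lan", "allow lan to any"), Rule("floating", "block bogons")]
```

Run visible_rules for a "Read"-only user and for an admin after confirm_restriction to see which rows disappear and which only gain the padlock.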