D-Link DFL-2500 User Guide - Page 128
IP Rules
Chapter 14: IP Rules

14.1 Overview

The list of rules defined on the basis of network objects (addresses, protocols, services) is the heart of any firewall. Rules determine the firewall's basic, essential filtering functions. Following the rules configuration, the firewall regulates what is allowed or disallowed to go through, and how address translation, bandwidth management, and traffic shaping are applied to the traffic flow. Any ambiguous or faulty rule may loosen security control or make the firewall useless.

Basically, there are two stances of the firewall that describe the fundamental philosophy of security:

- The default deny stance: Everything is denied unless specifically permitted.
- The default permit stance: Everything is permitted unless specifically denied.

In order to provide the highest possible level of security, default deny is the default policy in D-Link firewalls. The default deny is accomplished without a visible rule in the list. However, for logging purposes, the rule list commonly has a DropAll rule at the bottom with logging enabled.

When a new connection is being established through the firewall, the list of rules is evaluated, top to bottom, until a rule that matches the new
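The evaluation order and default deny stance described in this overview, modelled as an added example; it is not D-Link code or D-Link rule syntax. The `Rule` fields, the "Allow"/"Drop" action names, the first-match behaviour, the unlogged implicit deny and the sample rules are assumptions of the model. It also audits a rule list for two faults the overview warns about: a rule that can never match because a broader rule sits above it, and a missing logged DropAll rule at the bottom.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"
net = ipaddress.ip_network

@dataclass(frozen=True)
class Rule:                      # field names are assumptions of this model
    name: str
    action: str                  # "Allow" or "Drop"
    src: str                     # source network (CIDR)
    dst: str                     # destination network (CIDR)
    port: Optional[int] = None   # destination port, None = any
    log: bool = False

def covers(outer, inner):
    """True if `outer` matches every connection that `inner` matches."""
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and outer.port in (None, inner.port))

def evaluate(rules, src, dst, port):
    """Top-to-bottom, first match wins; no match means default deny."""
    conn = Rule("conn", "", f"{src}/32", f"{dst}/32", port)
    for rule in rules:
        if covers(rule, conn):
            return rule.action, rule.name, rule.log
    return "Drop", "(implicit default deny)", False   # modelled as unlogged

def audit(rules):
    """Flag rules that can never match and a missing logged DropAll."""
    findings = []
    for i, rule in enumerate(rules):
        hit = next((e for e in rules[:i] if covers(e, rule)), None)
        if hit:
            findings.append(f"{rule.name} is shadowed by {hit.name}")
    last = rules[-1] if rules else None
    if not (last and last.action == "Drop" and last.log
            and covers(last, Rule("any", "", ANY, ANY))):
        findings.append("no logged DropAll rule at the bottom")
    return findings

# Constructed sample rule list (addresses are documentation/private ranges).
RULES = [
    Rule("allow_lan_out", "Allow", "192.168.1.0/24", ANY),
    Rule("drop_smtp_out", "Drop", "192.168.1.0/24", ANY, 25, log=True),
    Rule("allow_web_in", "Allow", ANY, "10.0.0.10/32", 443),
    Rule("DropAll", "Drop", ANY, ANY, log=True),
]
```

In the sample list, `drop_smtp_out` never takes effect because `allow_lan_out` above it already matches the same traffic, which is the kind of faulty rule that loosens security control.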