This subsection allows you to configure the Outgoing Firewall settings for Endian Firewall.
You can globally ALLOW outgoing traffic to RED (Internet) or allow outgoing traffic only on individual ports.
The following services are allowed by default from the GREEN zone:
HTTP
HTTPS
FTP
SMTP
POP3
IMAP
DNS
DNS is also allowed by default for all other zones.
To add a rule, open the Add a new rule dialogue, which is described below:
You may add a remark, which helps you identify the rule more easily within the Current rule list.
Tick this box to enable the current rule. You may temporarily disable a rule by unticking it.
The drop down list allows you to choose which protocol this rule will follow. Possible values are UDP and TCP. Most regular servers use TCP. Some game servers and chat servers use UDP. If the protocol is not specified in the server documentation, then it is usually TCP.
Select the policy for this rule. Possible values are:
ALLOW - Allows the traffic that matches the rule.
DENY - Silently blocks the traffic that matches the rule. Dropped connections will be logged by default. You can toggle that off in the Log main menu.
This drop down list allows you to choose a whole zone as the source net. It lists every zone the firewall knows except RED, since by design of the outgoing firewall RED is always the destination zone. If you want to define the rule more precisely and allow only an IP address, select use source IP address.
This is optional if you have already chosen a zone. You can specify an IP address, for example 10.1.1.3, or a network like 10.1.1.0/24, which you want to allow or disallow to access RED.
Tick this box if you want the firewall to log all connection attempts that match the rule. This is convenient for testing purposes, for example. Note that in some countries this may be illegal.
This is optional. You may fill in the MAC address of a network card which is allowed or disallowed to pass through. If you want to specify only the MAC address rather than both the IP address and the MAC address, select a zone within source net and leave the source IP address field blank.
This is optional. If you want to limit or deny access to a specific remote address you may fill in an IP address like 68.163.90.13 or a network like 68.163.75.0/24.
This is probably the most important field for you, although it is optional. Fill in a destination port if you want this rule to be limited to a remote service. For example, you can create a rule which allows access to all HTTP (web) servers by specifying port 80 and leaving all other fields empty.
Once you have entered all the information press
. This will move the rule to the next section, and list it as an active rule.
Current rules lists the rules that are in effect. To remove one, click the Trash can icon. To edit one, click the Yellow pencil icon. To enable or disable a rule, click on the Enabled icon (the checkbox in the Action column) for the particular entry you want to enable or disable. The icon changes to an empty box when a rule is disabled. Click on the checkbox to enable it again.
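The rule fields described above can be modelled offline to check what a rule set would do before it is entered. The following is an added example, not Endian Firewall's own code: the `Rule` and `Conn` classes, the first-match ordering, the deny-when-nothing-matches default and the sample rules are assumptions made for illustration, and the services allowed by default are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    policy: str                       # "ALLOW" or "DENY"
    protocol: str                     # "TCP" or "UDP"
    source_zone: Optional[str] = None
    source_ip: Optional[str] = None   # single address or CIDR network
    source_mac: Optional[str] = None
    dest_ip: Optional[str] = None     # single address or CIDR network
    dest_port: Optional[int] = None
    enabled: bool = True
    remark: str = ""

@dataclass
class Conn:
    protocol: str
    zone: str
    src_ip: str
    src_mac: str
    dst_ip: str
    dst_port: int

def in_net(addr: str, spec: str) -> bool:
    # "10.1.1.3" is treated as a /32, "10.1.1.0/24" as a network
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def matches(r: Rule, c: Conn) -> bool:
    # An optional field left empty (None) matches any value
    return (r.enabled
            and r.protocol == c.protocol
            and r.source_zone in (None, c.zone)
            and (r.source_ip is None or in_net(c.src_ip, r.source_ip))
            and (r.source_mac is None or r.source_mac.lower() == c.src_mac.lower())
            and (r.dest_ip is None or in_net(c.dst_ip, r.dest_ip))
            and r.dest_port in (None, c.dst_port))

def evaluate(rules: List[Rule], c: Conn) -> Tuple[str, str]:
    # Assumption: first matching rule wins, unmatched traffic is denied
    for r in rules:
        if matches(r, c):
            return r.policy, r.remark
    return "DENY", "no matching rule"

# Constructed sample rule set using the example addresses from the text
RULES = [
    Rule("DENY", "TCP", source_ip="10.1.1.3", dest_port=80, remark="kiosk: no web"),
    Rule("ALLOW", "TCP", source_zone="GREEN", dest_port=80, remark="HTTP from GREEN"),
    Rule("ALLOW", "UDP", source_zone="GREEN", dest_ip="68.163.75.0/24", enabled=False, remark="disabled"),
]
```

Calling `evaluate(RULES, Conn(...))` returns the policy and the remark of the deciding rule, which makes it easy to spot a broad ALLOW that an earlier, narrower DENY was meant to override.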
On top of the table is a checkbox labeled Log accepted outgoing connections. Tick this checkbox if you want the firewall to log all connections which were established or attempted and passed the firewall without being blocked. Note that enabling this may not be legal in some countries, but in some other countries this is compulsory.
You can globally allow outgoing traffic from all zones to the Internet by answering yes to the question disable outgoing firewall ? in the drop down menu below and then clicking on the save button.
You can go back to the default setting, which limits access to RED, by answering yes to the question enable outgoing firewall ? in the drop down menu below and then clicking on the save button.
You will notice a single checkbox, labeled Log accepted outgoing connections. Tick this checkbox if you want the firewall to log all connections which were established or attempted and passed the firewall without being blocked. Note that enabling this may not be legal in some countries, but in some other countries this is compulsory.