Manuale Turtle Firewall
Chapter 2. Elements of a system protected by a firewall
Besides the zones you define yourself, Turtle Firewall has one further, built-in zone called FIREWALL, which identifies the Linux box on which the firewall itself is installed. Every packet that is not in transit through the firewall but originates from it or is addressed to it involves the FIREWALL zone. FIREWALL is not a host, because a firewall does not have a single IP address (it has one per interface); it is therefore more appropriate to treat it as a zone of its own.
It is extremely important to set rules that protect the firewall itself. Common sense says the firewall should be completely isolated, denying everyone access to the FIREWALL zone; in practice, though, we often want to change the firewall's configuration from wherever we happen to be sitting comfortably (laziness is the most frequent cause of a compromised security system ;-) ). The suggestion is therefore to expose as few services as possible to as few hosts as possible: only the ssh service, and only to the network administrator's host, is a good compromise.
Turtle Firewall does not allow two elements with the same name, even if they are of different types: for example, a host cannot have the same name as a zone. For this reason you cannot define an element called "FIREWALL".
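The following script is an added example and is not Turtle Firewall's own code. It shows, in plain iptables terms, what the "only ssh, only from the administrator's host" policy for the FIREWALL zone boils down to, and a small check that mirrors the naming rule above (no duplicate names across element types, FIREWALL reserved). The address 192.0.2.10, the sample list of defined names and the log prefix are constructed for the example; the rules are printed rather than executed so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not Turtle Firewall's own code.
# Traffic to or from the firewall box itself traverses the INPUT and OUTPUT
# chains rather than FORWARD, which is why the box is treated as a zone of its
# own instead of as a host with a single address.
# ADMIN_HOST is a hypothetical administrator workstation (constructed value).

ADMIN_HOST="${ADMIN_HOST:-192.0.2.10}"
IPT="${IPT:-iptables}"

# Emit one iptables command per line for the FIREWALL zone policy:
# default-deny on INPUT and OUTPUT, loopback allowed, replies to existing
# connections allowed, new ssh sessions only from ADMIN_HOST, and a log line
# for everything else before the DROP policy discards it.
firewall_zone_rules() {
    cat <<EOF
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp -s $ADMIN_HOST --dport 22 -m conntrack --ctstate NEW -j ACCEPT
$IPT -A INPUT -j LOG --log-prefix "FIREWALL-zone drop: "
EOF
}

# Names already defined on this firewall, one per line (constructed sample;
# zones and hosts share one namespace, so they are kept in one list).
DEFINED_NAMES="lan
dmz
internet
mailserver"

# Mirror of the naming rule: a new element may not reuse any existing name,
# whatever the type of the existing element, and FIREWALL is reserved for
# the box itself. Returns 0 if the name is free, 1 otherwise.
element_name_ok() {
    [ "$1" = "FIREWALL" ] && return 1
    printf '%s\n' "$DEFINED_NAMES" | grep -Fqx -- "$1" && return 1
    return 0
}

# Print the rule set for review; pipe the output to sh to apply it.
firewall_zone_rules
```

Two things to note before applying this to a real box. The OUTPUT policy of DROP is the literal reading of "completely isolated": the firewall can answer the administrator's ssh session (ESTABLISHED), but cannot itself start DNS lookups, NTP, or package downloads; if you need those, add explicit OUTPUT rules rather than switching the policy back to ACCEPT. And apply the rules from the console or with a scheduled rollback the first time, because a mistake in the ssh rule locks out the very host you administer from.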