Firewall rules

Turtle Firewall's default policy forbids every connection the firewall monitors. To this default policy you can add rules that determine the connections you want to allow. There are other ways to configure a firewall, of course, but this one is considered the more careful approach, so I chose it for Turtle Firewall.

To allow a simple connection between two hosts A and B, for example an http connection, you have to define two filter rules: first one that allows the packets going from host A to host B, then one that allows the reply packets to return from B to A.

Turtle Firewall simplifies this operation by defining a series of services and making itself responsible for setting up all the filtering rules needed to provide those services. This way a Turtle Firewall filter rule is simple to use, because it is based on an Internet service rather than on the characteristics of single packets. To indicate that you want to allow A to communicate with B through the http protocol, it is sufficient to define a single Turtle Firewall rule in which you specify the name of the source item (A), the name of the destination item (B) and the service to use (http). Remember that if you define an http rule from A to B, B cannot make use of the same service towards A: it can only accept and reply to the http requests coming from A.
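As an added example (not Turtle Firewall's own code), the following models how one service rule expands into the request and reply filter rules described above, and why B cannot use the service towards A. The service table, the item names A and B, the packet fields and the iptables rendering are assumptions made for illustration; the page does not say how Turtle Firewall installs its rules.

```python
from dataclasses import dataclass
from typing import Optional
# Constructed service table: name -> (protocol, port); a None port marks a
# generic service (tcp, udp) whose port must be supplied by the rule itself.
SERVICES = {"http": ("tcp", 80), "ssh": ("tcp", 22), "ftp": ("tcp", 21),
            "tcp": ("tcp", None), "udp": ("udp", None)}

@dataclass(frozen=True)
class FilterRule:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None
    sport: Optional[int] = None
    reply_only: bool = False   # reply rule: must never let dst open a connection

    def matches(self, pkt: dict) -> bool:
        if (pkt["src"], pkt["dst"], pkt["proto"]) != (self.src, self.dst, self.proto):
            return False
        for want, have in ((self.dport, pkt["dport"]), (self.sport, pkt["sport"])):
            if want is not None and have != want:
                return False
        # a TCP reply rule must not match a connection-opening (SYN) packet
        return not (self.reply_only and pkt.get("syn", False))

    def iptables(self) -> str:
        # Assumed rendering: the page does not say how the rules are installed.
        opts = [f"--dport {self.dport}"] if self.dport is not None else []
        opts += [f"--sport {self.sport}"] if self.sport is not None else []
        opts += ["! --syn"] if self.reply_only and self.proto == "tcp" else []
        head = f"iptables -A FORWARD -s {self.src} -d {self.dst} -p {self.proto}"
        return " ".join([head] + opts + ["-j ACCEPT"])

def expand_rule(src, dst, service, port=None, active=True):
    """One Turtle-style rule (source, destination, service) -> request + reply filter rules."""
    if not active:                       # an inactive rule installs nothing
        return []
    proto, svc_port = SERVICES[service]
    if svc_port is None:
        if port is None:
            raise ValueError(f"generic service {service!r} needs a port")
        svc_port = port
    request = FilterRule(src, dst, proto, dport=svc_port)
    reply = FilterRule(dst, src, proto, sport=svc_port, reply_only=True)
    return [request, reply]

def permitted(rules, pkt) -> bool:
    """Default policy forbids everything: a packet passes only if some rule matches."""
    return any(r.matches(pkt) for r in rules)
```

Running `expand_rule("A", "B", "http")` yields the two rules, and `permitted` shows that A's request and B's reply pass while a connection B tries to open towards A on the same service is dropped by the default policy.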

To view the list of active rules, click on the "Rules" icon in the main menu of the Turtle Firewall module.

To create a new rule, click on "Create new rule" in the "Rules" section. Then set the source item of the communication, the destination item, the service to use (http, ssh, ftp, etc.), if needed a port (required only for generic services such as tcp or udp) and, finally, select the "Active" check-box, which makes the rule active.