The firewall options page provides a graphical way to modify various firewall options and to adjust the logging behavior for several kinds of network packets. One of the most important points is to take control of the policy and the default behavior of the forward and outgoing firewall.
This part has been moved to Masquerading/NAT.
This section allows you to customize the logging of network packets dropped by your firewall.
When a system is connected to the internet with a dynamic IP address and that address changes, you may receive traffic which was addressed to the former owner of the address. This can happen because in some cases the sender was not informed that the recipient's address has changed, so network packets belonging to established connections are sent to you. IPFire will mark them as new but without a known connection. They are dropped and logged by the firewall as "NEW not SYN" packets, which show up in the logs as DROP_NEWNOTSYN records.
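Before switching this logging off, it can help to see which peers are producing the records. The following is an added example, not part of the IPFire documentation or code: it assumes the firewall log uses the standard netfilter LOG layout with the DROP_NEWNOTSYN prefix, and the sample lines, addresses and host name are constructed.

```python
import re

# Constructed sample log (documentation address ranges); the last line is not a firewall record.
SAMPLE_LOG = """\
Jan 10 08:15:01 ipfire kernel: DROP_NEWNOTSYN IN=red0 OUT= SRC=198.51.100.7 DST=203.0.113.20 LEN=52 TTL=54 PROTO=TCP SPT=443 DPT=51544 WINDOW=501 RES=0x00 ACK URGP=0
Jan 10 08:15:02 ipfire kernel: DROP_NEWNOTSYN IN=red0 OUT= SRC=198.51.100.7 DST=203.0.113.20 LEN=83 TTL=54 PROTO=TCP SPT=443 DPT=51544 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jan 10 08:15:09 ipfire kernel: DROP_NEWNOTSYN IN=red0 OUT= SRC=192.0.2.99 DST=203.0.113.20 LEN=40 TTL=49 PROTO=TCP SPT=993 DPT=40112 WINDOW=0 RES=0x00 RST URGP=0
Jan 10 08:15:10 ipfire dhcpcd[1234]: red0: leased 203.0.113.20 for 3600 seconds
"""

# "<prefix> IN=..." is how the kernel LOG target writes a record after the log prefix.
RECORD = re.compile(r"kernel: (?P<prefix>\S+) (?P<body>IN=.*)$")
# TCP flags are the bare words printed between RES=... and URGP=...
FLAGS = re.compile(r"RES=\S+ (?P<flags>.*?) ?URGP=")


def parse_line(line):
    """Return a dict for one firewall LOG record, or None for any other line."""
    m = RECORD.search(line)
    if not m:
        return None
    body = m.group("body")
    fields = dict(kv.split("=", 1) for kv in body.split() if "=" in kv)
    flags = FLAGS.search(body)
    return {
        "prefix": m.group("prefix"),
        "src": fields.get("SRC"),
        "dpt": fields.get("DPT"),
        "flags": set(flags.group("flags").split()) if flags else set(),
    }


def newnotsyn_by_source(log_text):
    """Summarize DROP_NEWNOTSYN records per source: packet count, TCP flags, local ports."""
    summary = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["prefix"] != "DROP_NEWNOTSYN":
            continue
        entry = summary.setdefault(rec["src"], {"packets": 0, "flags": set(), "ports": set()})
        entry["packets"] += 1
        entry["flags"] |= rec["flags"]
        entry["ports"].add(rec["dpt"])
    return summary


if __name__ == "__main__":
    for src, info in newnotsyn_by_source(SAMPLE_LOG).items():
        print(src, info["packets"], sorted(info["flags"]), sorted(info["ports"]))
```

A source that keeps sending ACK or RST packets to a single local port matches the leftover-connection case described above.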
Packets which have been dropped by the firewall input chain get logged. With this feature you can switch their logging on or off.
Like the option above, but for adjusting the logging of dropped forward packets.
Similar to input packets: the logging of dropped outgoing packets can be changed.
This option can be used to disable the logging of all dropped packets which have been recognized as potentially bad TCP traffic.
This function allows you to disable the logging of dropped traffic from unauthorized clients on the blue network zone.
By using this option, the logging of dropped network packets from the blue to the green or orange zone can be disabled or re-enabled.
This section is only displayed after a blue network zone has been installed and configured. It can be used to change the firewall characteristics on this network zone for different known cases.
When using this option, all network packets which are not destined for the web proxy server are dropped.
This feature can be used to prevent clients on the blue zone from using Microsoft-related services like SMB file shares or the printing service. All requests to the network ports 135, 137, 138, 139, 445 and 1025 will be dropped.
This sub-section offers the ability to customize the look and feel of some elements on the firewall rules and creation page.
When this option is enabled, coloured borders are displayed on all existing rules. This feature can give you a better overview of your ruleset.
|Show colors in ruletable = off||Show colors in ruletable = on (default)|
This option is used to hide all created remarks on the firewall rules page.
|Show remarks in ruletable = off||Show remarks in ruletable = on|
The corresponding ruletables are hidden unless at least one rule has been created. When this option is enabled, the empty tables are also displayed on the firewall rules page.
|Show empty ruletables = off (default)||Show empty ruletables = on|
On the page where new firewall rules can be created, various elements such as VPN zones or host/service groups are hidden if they are not used. This option can be used to display them anyway.
|Show all networks on rule creation site = off (default)||Show all networks on rule creation site = on|
FIXME - This section is apparently new, but not documented yet
Detailed information about this very important task can be found here.