Differences in Revisions: Rule Processing

Older Revision
June 8 at 7:05 am
»
Newer Revision
August 11 at 5:12 pm
fixed incoming flow
# Rule Processing
 
## The three types of rules
 
On the firewall rules page, you can see three sections in which the firewall rules are grouped.
They are grouped this way because it mirrors how iptables internally processes packets in separate chains.
 
### Incoming connections
 
Another group of rules processes packets that are directed to the firewall itself. Usually these go to a service running on the firewall, such as the DNS proxy or the DHCP server.
 
```text
                      |---------------|
|---------------|     |               |
| GREEN network |---->|    IPFire     |
|---------------|     |               |
                      |---------------|
```
 
### Forwarding rules
 
Rules in the forwarding section process packets that transit the firewall: IPFire receives them from one network and sends them out on another network, if the ruleset permits it.
 
```text
                      |---------------|
|---------------|     |               |     |----------------|
| GREEN network |---->|    IPFire     |---->| ORANGE network |
|---------------|     |               |     |----------------|
                      |---------------|
```
 
### Outgoing connections
 
Just like incoming connections, there is a group of rules for outgoing connections. All connections established by IPFire itself fall into this group, for example downloading packages, everything the proxy accesses, and so on.
 
```text
|---------------|
|               |     |----------|
|    IPFire     |---->| Internet |
|               |     |----------|
|---------------|
```
 
 
## Order of the rules
 
The rules of each type are processed from top to bottom (internally, in the iptables chains). The first rule that matches, i.e. whose source, destination and all other settings equal those of the packet currently being processed, is executed, and none of the rules after it are evaluated.
 
You can use the arrows to re-order rules of the same type, or define a position when you create a new rule.
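The following is an added example, not code from IPFire, that models the two points above: sorting a packet into the incoming, forwarding or outgoing group by whether it is addressed to or sent by the firewall, and evaluating a group top to bottom with first match wins. The firewall addresses, networks and rules are constructed for illustration; it shows how a broad DROP placed above a narrow ACCEPT shadows it until the rules are re-ordered.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# Constructed example: the addresses held by the firewall itself (assumption).
FIREWALL_ADDRS = {ip_address("192.168.1.1"), ip_address("203.0.113.10")}

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass
class Rule:
    src: str              # CIDR or "any"
    dst: str              # CIDR or "any"
    proto: str            # "tcp", "udp" or "any"
    dport: "int | None"   # None means any destination port
    action: str           # "ACCEPT" or "DROP"

def chain_for(pkt: Packet) -> str:
    """Addressed to the firewall -> INPUT (incoming); sent by the firewall ->
    OUTPUT (outgoing); everything else transits -> FORWARD (forwarding)."""
    if ip_address(pkt.dst) in FIREWALL_ADDRS:
        return "INPUT"
    if ip_address(pkt.src) in FIREWALL_ADDRS:
        return "OUTPUT"
    return "FORWARD"

def _net_match(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec)

def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only when every field it constrains equals the packet's."""
    return (_net_match(rule.src, pkt.src) and _net_match(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def evaluate(rules, pkt: Packet, policy: str = "DROP"):
    """Top to bottom, first match wins; later rules are skipped. Else: policy."""
    for idx, rule in enumerate(rules):
        if matches(rule, pkt):
            return idx, rule.action
    return None, policy

# Constructed FORWARD rules: a broad DROP placed above the narrow ACCEPT it shadows.
FORWARD_RULES = [
    Rule("192.168.1.0/24", "any", "any", None, "DROP"),
    Rule("192.168.1.0/24", "10.0.0.0/24", "tcp", 443, "ACCEPT"),
]
```

Passing `list(reversed(FORWARD_RULES))` to `evaluate` shows the same packet being accepted once the narrow rule sits above the broad one, which is what the re-ordering arrows change.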