13. Firewall rules

Starting with DynFi Manager version 24.0, it is possible to view the rules of each connected firewall. The rule list is available for each device: choose “Rules” in the device menu.

Rules are presented separately for each interface, with floating rules grouped in their own section. For each interface, it’s also possible to show or hide:

  • Floating rules which affect this interface,

  • Internal rules generated by the firewall or its plugins which affect this interface.

Some rule attributes are presented as icons to save space. Each icon (and some non-icon attributes) has a tooltip explaining its meaning. For alias-based rules, it is possible to check the source or destination alias without leaving the rule list. To see the alias details, click on the alias icon. State details (traffic data such as packets or bytes sent) are displayed in a tooltip on hover. Please note that this live data can only be displayed if DFM is connected to the given device.

For a detailed explanation of each rule attribute, please consult your firewall documentation.


13.1. Limiting access to the rules

In some cases it may be desirable to hide certain firewall rules from a group of DynFi Manager users. There are four permissions which affect rules:

  • Create - allows a user to download new rules from the firewall (and create new rules in future DynFi Manager versions),

  • Read - allows a user to view non-restricted rules,

  • Read restricted rules - allows a user to view all rules,

  • Restrict rules - allows a user to restrict the visibility of rules.

To hide a set of rules from a group of users, first create a role with the “Read” permission for rules (and none of the other three permissions) and assign this role to the selected users. Then, on the Rules list, use the “Restrict rules” button to enter admin mode and select the rules to hide. You can select rules for multiple interfaces before confirming the selection. The rules which have already been hidden are preselected.

Please note that the “Restrict rules” button is only visible to the administrator and to users with the “Restrict rules” permission.

Figure: “Restrict rules” mode

Once you confirm your selection, the rules are restricted. The administrator and users with the “Read restricted rules” permission can see restricted rules, which are marked with a red padlock icon. Users with only the “Read” permission will not see these rules at all.

Figure: Admin view of restricted rules