Order of Policies

  • pfahsel

    pfahsel - 2009-02-09

    I am currently using fwbuilder 3.0.3 to build a firewall with a complex ruleset. I would like to use the possibility of creating multiple policies to group related rules. But I cannot find any information on how to set the order of the rulesets and how the order of rules is affected by the "Top Ruleset" switch. Can someone explain this please?

    • Vadim Kurland

      Vadim Kurland - 2009-02-09

      I assume you use iptables.

      Different policy objects translate into different user-defined chains for iptables. The name of each chain matches the name of the corresponding Policy object. Since different chains are never merged into one, the order in which they are added to the generated script does not matter.

      The "Top ruleset" option, when checked, makes the compiler put rules into the built-in iptables chains INPUT/OUTPUT/FORWARD instead of the user-defined chain. It is recommended that you have only one "top" ruleset for the filter table and possibly one more for the mangle table. If you mark two rule sets as "top", the compiler will put rules from both into the built-in chains, which will merge the two rulesets together. The order in this case is the same as the order in which they were created, which may not be obvious and not what you expect. This is not recommended.

      This is illustrated in the following slide shows
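
An added example, not part of the thread and not fwbuilder output: a small Python model of iptables first-match chain traversal, showing why the definition order of user-defined chains is irrelevant while the merge order of two "top" rulesets changes the verdict. The policy names, the packet and the jump rules in INPUT are constructed assumptions.

```python
# Minimal model of iptables chain traversal (illustration, not fwbuilder code).
# A rule is (match_fn, target); target is ACCEPT, DROP, RETURN or a chain name.
TERMINAL = {"ACCEPT", "DROP"}

def walk(chains, name, pkt, depth=0):
    """Return ACCEPT/DROP, or None if the chain ends without a verdict."""
    if depth > 16:
        raise RuntimeError("chain loop")
    for match, target in chains[name]:
        if not match(pkt):
            continue
        if target in TERMINAL:
            return target            # first terminating match wins
        if target == "RETURN":
            return None              # back to the calling chain
        verdict = walk(chains, target, pkt, depth + 1)  # jump to user chain
        if verdict:
            return verdict
    return None

def traverse(chains, builtin, pkt, policy="DROP"):
    """Built-in chains fall through to their default policy."""
    return walk(chains, builtin, pkt) or policy

# Constructed sample policies and packet (hypothetical names).
always = lambda p: True
POLICIES = {
    "ssh_rules":   [(lambda p: p["dport"] == 22 and p["src"].startswith("10."), "ACCEPT")],
    "block_rules": [(lambda p: p["src"] == "10.6.6.6", "DROP")],
}
PKT = {"src": "10.6.6.6", "dport": 22}

def as_user_chains(definition_order):
    """One top ruleset (INPUT) jumping into named chains; the chains
    themselves are defined in the given order."""
    chains = {name: POLICIES[name] for name in definition_order}
    chains["INPUT"] = [(always, "block_rules"), (always, "ssh_rules")]
    return traverse(chains, "INPUT", PKT)

def as_two_top_rulesets(creation_order):
    """Both rulesets marked 'top': their rules are concatenated into INPUT
    in creation order, so that order decides which rule matches first."""
    merged = [rule for name in creation_order for rule in POLICIES[name]]
    return traverse({"INPUT": merged}, "INPUT", PKT)

if __name__ == "__main__":
    print(as_user_chains(["ssh_rules", "block_rules"]),
          as_user_chains(["block_rules", "ssh_rules"]))
    print(as_two_top_rulesets(["block_rules", "ssh_rules"]),
          as_two_top_rulesets(["ssh_rules", "block_rules"]))
```

With separate chains the blocked host is dropped regardless of definition order; with two merged "top" rulesets the same packet is accepted when the SSH ruleset happens to have been created first.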


