D-Link DFL-500 Network Card User Manual

Open as PDF

of 122

DFL-500 User Manual

Adding a Transparent mode Int -> Ext policy

Configuring policy lists

The firewall matches policies by searching for a match starting at the top of the policy list and moving down

until it finds the first match. You must arrange policies in the policy list from more specific to more general.

For example, the default policy is a very general policy because it matches all connection attempts. To create

exceptions to this policy, they must be added to the policy list above the default policy. No policy below the

default policy will ever be matched.

This section describes:

• Policy matching in detail

• Changing the order of policies in a policy list

• Enabling and disabling policies

Policy matching in detail

When the firewall receives a connection attempt at an interface, it must match the connection attempt to a

policy in either the Int -> Ext or Ext -> Int policy list. The firewall starts at the top of the policy list for the

interface that received the connection attempt and searches down the list for the first policy that matches the

connection attempt source and destination addresses, service port, and time and date at which the

connection attempt was received. The first policy that matches is applied to the connection attempt. If no

policy matches, the connection is dropped.

The default policy accepts all connection attempts from the internal network to the Internet. From the internal

network, users can browse the web, use POP3 to get email, use FTP to download files through the firewall,

and so on. If the default policy is at the top of the Int -> Ext policy list, the firewall allows all connections from

the internal network to the Internet because all connections match the default policy.

A policy that is an exception to the default policy, for example, a policy to block FTP connections, must be

placed above the default policy in the Int -> Ext policy list. In this example, all FTP connection attempts from

the internal network would then match the FTP policy and be blocked. Connection attempts for all other kinds

of services would not match with the FTP policy but they would match with the default policy. Therefore, the

firewall would still accept all other connections from the internal network.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

D-Link DFL-500 Network Card User Manual