Better Firewall Documentation

NethServer Version: 7.9.2009
Module: Firewall

I apologize in advance for what I think is an incredibly newbie question…

I am trying to configure the Firewall in my NethServer to act as a sort of parental control. I was reading through the help section https://docs.nethserver.org/en/v7/firewall.html and I’m struggling to understand what I’m reading. It seems to be written for people who have a pretty good understanding of the firewall terminology.

Unfortunately, that’s not me.

I think there are two big questions that I have that I am not seeing in the documentation…

  1. Can I apply a rule to a specific MAC address, or do I need to assign an IP address to the device I want to limit and use that?
  2. Is the Source the IP address of the computer I want to limit access to? And is the Destination the web page or service I want to stop the source from going to? Is there a way that I can just shut down all internet access to one device so they can’t go to any web page? Is there a wild card I need to enter as the Destination? Or do I just leave it blank?
  3. What is Service? The documentation says it’s optional. Am I right in thinking that’s stuff like email or ftp’s or something? What would be a valid entry here?
  4. I assume that description is just a text field that I can enter something in here so I know what I was trying to do when I look at this six months from now, right?
  5. What format should I enter the Time as? I’m assuming this is where I would put the time that I want the rule to apply? So, if I didn’t want my kids on the internet after midnight, I could enter something here? Can it apply only Monday to Friday?

If you know of any documentation that has more detail than what I linked above, I’d appreciate it greatly!!

Thanks
Greg

Indeed it is.
NethServer is not a device for beginners, but a tool for sysadmins who don’t want to have hassles, or for someone who should not touch a simple server installation that much.

Anyway, I’ll try to answer some questions.

The second one. Long story short, firewalls don’t process hostnames or MAC addresses, only IP addresses.

The default sequence of allowance goes this way:
GREEN -> BLUE -> ORANGE -> RED
Source is on the left, destination is on the right.
Following the default, flow is allowed from source to destination (and answers back).
The rules follow the same direction. For a wildcard you can use the setting “Any”, but trust me, it is better not to use it unless you know what you’re doing.
Anyway, if you want to manage internet access, content filtering is not an easier solution, but a better one.

Service is an object which can be a single port or multiple ports.

Correct.

Use objects. Time conditions are a bit trickier, due to the midnight issue. Again, a content filter might be a better way of managing internet access. Anyway, this applies mostly to http/s or browsers.
What a content filter cannot do is single out specific applications. For that, a firewall with nDPI is a much more effective choice.

3 Likes
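
An added example, not part of the original posts and not NethServer code: a small Python model of the default zone order described in the answer above, plus a per-device reject rule whose time window wraps past midnight. It assumes the "midnight issue" means that a window such as 22:00 to 06:00 has to be split into two same-day parts; the IP address, the window and all function names are constructed for illustration.

```python
from datetime import datetime, time
from ipaddress import ip_address

ZONES = ["green", "blue", "orange", "red"]  # order given in the answer above
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def default_allows(src_zone, dst_zone):
    """Default policy: traffic flows left to right in ZONES, never back."""
    return ZONES.index(src_zone) < ZONES.index(dst_zone)


def split_window(start, stop, days):
    """Turn a window into same-day segments of (start, stop, weekdays).

    A window that wraps past midnight (start > stop) becomes an evening part
    on the listed days and a morning part on the days that follow them.
    """
    if start <= stop:
        return [(start, stop, set(days))]
    next_days = {DAYS[(DAYS.index(d) + 1) % 7] for d in days}
    return [(start, time.max, set(days)), (time.min, stop, next_days)]


def make_rule(src_ip, dst_zone, start, stop, days):
    """Reject rule for one source IP towards one zone during a time window."""
    return {"src": ip_address(src_ip), "dst_zone": dst_zone,
            "segments": split_window(start, stop, days)}


def decide(rules, src_ip, src_zone, dst_zone, now):
    """Explicit reject rules are checked first, then the zone default."""
    day, t = DAYS[now.weekday()], now.time()
    for rule in rules:
        if rule["src"] != ip_address(src_ip) or rule["dst_zone"] != dst_zone:
            continue
        if any(day in d and s <= t <= e for s, e, d in rule["segments"]):
            return "reject"
    return "accept" if default_allows(src_zone, dst_zone) else "drop"


# Constructed sample: one laptop in GREEN, no internet (RED) from 22:00 to
# 06:00 on nights that start Monday to Friday.
KID = "192.168.1.50"
RULES = [make_rule(KID, "red", time(22, 0), time(6, 0), DAYS[:5])]
```

The Friday night window ends on Saturday at 06:00, which is why the morning segment carries Tuesday to Saturday rather than Monday to Friday.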

Wow… thanks for this detailed response.

I’ll keep plugging on this on my own and see if I can learn something new :)

Thanks.

1 Like

Please keep posting your answers :wink: Who knows, in the future your expertise might help :wink:

1 Like