


What are the Safepipe 'default' firewall rules?

The Safepipe 'default' firewall rules are the five firewall rules that are preconfigured on Safepipe and appear in the firewall rule table when Safepipe is initialized. In short, the purpose of these default rules is to block traffic from the Internet to your LAN and to allow unlimited traffic within your LAN and from your LAN to the Internet. This means that you do not need to configure any firewall rules to have fundamental firewall functionality on Safepipe. However, you can configure additional firewall rules to customize the firewall to suit the structure of your particular network and any special security needs you may have.

Please note: You should not change or delete any of the default firewall rules on Safepipe - unless you have a very well-thought-through reason for doing so - as you might cause the firewall to malfunction. If you delete all firewall rules in the rule table, including the default rules, the default rules will regenerate by themselves when you click the 'Apply Changes' button.

The five default rules are:

Enable Safepipe services
This rule ensures that the data traffic that passes through Safepipe from the public interface is subjected to filtering by the following default rules and other firewall rules you may add.

Masquerade to Internet
This rule ensures that no IP addresses on your private LAN are revealed. All the matching source IP addresses - thus any source IP address - will be translated into the IP address of the public interface. The source port will be changed to an available port. When response packets are received at the interface, the IP address and port are translated back to the original values, allowing the response packet to reach the original sender.

Deny access from Internet
This rule is the most basic to the concept of a firewall. It guards your private LAN against intruders by ensuring that all traffic coming from the public interface, i.e. the Internet, is denied access to your LAN. Should you wish to enable access for specific kinds of data traffic or to specific areas on your local network, you must define separate firewall rules for these instances.

Enable forwarding
This rule allows all traffic to pass from one interface to another.

Enable input
This rule accepts all traffic from the private interface of Safepipe. To limit the internal data traffic within and from your private LAN, you must define additional firewall rules.
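
The following is an added example, not Safepipe code or configuration: a small Python model of how 'Masquerade to Internet' and 'Deny access from Internet' work together, so that replies to LAN-initiated connections are translated back while unsolicited packets from the Internet are dropped. The addresses, the port range, the class and function names, and the check that a reply must come from the original remote peer are assumptions made for the illustration.

```python
# Added illustration: a minimal model of source masquerading (NAT with port
# translation) combined with a default deny for unsolicited inbound traffic.
# All addresses, ports and names are constructed; none come from Safepipe.
from dataclasses import dataclass
from typing import Optional

PUBLIC_IP = "203.0.113.10"  # constructed address of the public interface


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Masquerader:
    def __init__(self, public_ip: str, first_port: int = 61000, last_port: int = 61003):
        self.public_ip = public_ip
        self.free_ports = list(range(first_port, last_port + 1))
        self.by_public_port = {}  # public port -> (lan ip, lan port, remote ip, remote port)
        self.by_flow = {}         # same tuple -> public port, so a flow keeps its port

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """LAN -> Internet: rewrite the source to the public IP and a free port."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:
            if not self.free_ports:
                return None  # port pool exhausted: packet cannot be translated
            port = self.free_ports.pop(0)
            self.by_flow[flow] = port
            self.by_public_port[port] = flow
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> public interface: translate replies back, deny the rest."""
        flow = self.by_public_port.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or flow is None:
            return None  # no mapping exists: unsolicited traffic is denied
        lan_ip, lan_port, remote_ip, remote_port = flow
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # assumption: only the original remote peer may reply
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
```

A packet returned by `inbound` carries the original private address and port as its destination; `None` means the packet never reaches the LAN.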

© 2001 Eicon Networks