ClearOS is one of the best open source Linux firewall distributions. It is an extremely flexible firewall app, built and configured mainly for open source platforms, and it is designed to prevent unauthorized access to or from a private network, whether that network is a single machine or many shared hosts. Here we provide a complete guide to the features of the ClearOS Linux firewall.
ClearOS firewall as the best source
The firewall works from the command line and is designed by the ClearFoundation team. The firewall apps are divided mainly into the Incoming Firewall and the Custom Firewall.
These apps always come pre-installed on the ClearOS platform. To update or install one, just retrieve the app:
Custom Firewall
As an administrator you will normally be able to meet all of your firewall needs through the standard ClearOS web interface, though in some scenarios it may be necessary to add custom firewall rules. The Custom Firewall tool provides a way to create advanced firewall rules. To use it, you first have to install the module from the ClearCenter Marketplace.
Marketplace
The ClearCenter Marketplace is a service that lets administrators browse and search for apps compatible with their platform and version, and install them. Apps are applications that have been specifically developed and integrated into the ClearOS Webconfig user interface to extend or enhance the functionality and/or security of a system.
The Marketplace can be customised by clicking the 'Settings' button found among the buttons and links used for paginating the Marketplace apps and starting the install process. To make the process clearer, let's walk through an example that covers the possible IP cases.
Custom Firewall Module Examples
The examples below show the cases that exist for the Custom Firewall in ClearOS. This guide contains examples of some useful rules and of how they are used to protect your server or network from unauthorized use.
For these examples we will use a WAN network of 1.2.3.0/28, with .1 as the router of our ISP and .4 as our ClearOS server. The DMZ network is 5.6.7.0/27 with 5.6.7.8 as the ClearOS DMZ IP address. The HotLAN network is 172.22.22.0/24 with ClearOS at 172.22.22.22. The LAN is 192.168.1.0/24 with 192.168.1.1 as the ClearOS server and 192.168.1.10 as a third-party web/file server.
Firewalling
Port-based Filtering
Case 2. This example covers port-based filtering. In contrast to passing traffic so that it bypasses the content filter, this case singles out particular ports and drops them for a certain host or a range of hosts. For example, you can block SMTP for your entire DHCP range if your DHCP scope runs from 192.168.1.128 to 254:
iptables -t nat -I PREROUTING -s 192.168.1.128/25 -p tcp --dport 25 -j DROP
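The rule above turns the DHCP scope 192.168.1.128-254 into the /25 block without showing how that block is derived, or that it also covers .255. The following POSIX shell script is an added example, not code from the ClearOS documentation or the ClearFoundation project: it computes the smallest CIDR block that covers a start-end range, reports how many addresses outside the requested range that block also matches (so a rule is never wider than you think), and builds the corresponding Custom Firewall rule for any range and TCP port. The function names ip_to_int, int_to_ip, cover_range, range_to_cidr, cidr_excess and port_block_rule are my own; the script prints the iptables command instead of applying it.

```shell
#!/bin/sh
# Added example (not from the ClearOS docs): cover a DHCP range with one CIDR
# block and build the port-based DROP rule for it.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# Convert a 32-bit integer back to a dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Work out the smallest CIDR block that covers "A.B.C.D-E" (last octet only)
# or "A.B.C.D-W.X.Y.Z" (full end address). Sets S, E, PREFIX, NET and BCAST.
cover_range() {
    start=${1%-*}
    end=${1#*-}
    case $end in
        *.*) ;;                          # a full end address was given
        *)   end=${start%.*}.$end ;;     # only the last octet was given
    esac
    S=$(ip_to_int "$start")
    E=$(ip_to_int "$end")
    PREFIX=32
    # Widen the prefix one bit at a time until the block reaches the end address.
    while :; do
        MASK=$(( (0xFFFFFFFF << (32 - PREFIX)) & 0xFFFFFFFF ))
        NET=$(( S & MASK ))
        BCAST=$(( NET | (~MASK & 0xFFFFFFFF) ))
        [ "$BCAST" -ge "$E" ] && break
        PREFIX=$((PREFIX - 1))
    done
}

# Print the covering block in CIDR notation, e.g. 192.168.1.128/25.
range_to_cidr() {
    cover_range "$1"
    echo "$(int_to_ip "$NET")/$PREFIX"
}

# Print how many addresses the block matches that were NOT in the requested
# range; a non-zero value means the rule hits more hosts than you asked for.
cidr_excess() {
    cover_range "$1"
    echo $(( (BCAST - NET + 1) - (E - S + 1) ))
}

# Build the Custom Firewall rule from the port-filtering case for any range
# and TCP port (default 25). Printed rather than applied: run the output as
# root once you have confirmed the block is what you intended.
port_block_rule() {
    echo "iptables -t nat -I PREROUTING -s $(range_to_cidr "$1") -p tcp --dport ${2:-25} -j DROP"
}
```

For the page's own scope, range_to_cidr 192.168.1.128-254 gives 192.168.1.128/25 and cidr_excess reports 1 (the .255 broadcast address), while a scope such as 192.168.1.10-20 can only be covered by 192.168.1.0/27, which reaches 21 addresses you did not name; in that situation, split the range into several rules rather than accept the wider block.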
Gateway Services
Case 5. To bypass all gateway services except NAT, you can use a rule like this:
iptables -t nat -I PREROUTING -s 192.168.1.99 -j ACCEPT
This rule bypasses all filtering of all types for this IP address. If you want to limit the bypass to TCP services only, use the following:
iptables -t nat -I PREROUTING -s 192.168.1.99 -p tcp -j ACCEPT
HotLAN to LAN
Case 6. HotLAN to LAN. This is similar to a pinhole in the DMZ app. For this example, your LAN is 10.1.1.0/24 and your HotLAN network is 192.168.1.0/24, and the service is SMTP on port 25 on the server 10.1.1.10. You can add a forwarding rule using the Custom Firewall app:
iptables -I FORWARD -p tcp -s 192.168.1.0/24 -d 10.1.1.10 --dport 25 -j ACCEPT
Incoming Firewall
The Incoming Firewall feature is used for two primary purposes. Otherwise it follows the same Marketplace installation process as the Custom Firewall.
Installation
Incoming Connections
Whenever the firewall is enabled on your ClearOS system, the default behaviour is to block all external traffic coming to your server. But what if you want to run other services on your ClearOS system that must be reachable from the Internet, such as Dynamic DNS or Dynamic VPN? In such cases you will need to add a firewall policy. For example, the OpenVPN feature requires UDP port 1194 to be open on the firewall.
You can also open ports to allow remote management of your ClearOS system. For example, you can open TCP port 81 to give access to Webconfig.
There are three ways to add an incoming firewall rule:
select a standard service from the Standard Services drop-down;
input a protocol and a single port number in the Port Number box;
input a protocol and a range of consecutive ports in the Port Range box.
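Once ports have been opened through any of these three routes, the next thing a defender wants is a check of what the resulting INPUT chain actually accepts from the Internet. The following POSIX shell script is an added example, not from the ClearOS documentation or project: it parses output in the format of iptables -S INPUT, lists every accepted port, flags the ones that carry no source restriction (a management port such as Webconfig on TCP 81 is the obvious candidate for restriction), and answers whether a given protocol/port is open, including a port that falls inside a start:end range. The rule dump in SAMPLE_INPUT_RULES is constructed for this example; on a real system you would feed it the output of iptables -S INPUT instead. The function names open_ports, unrestricted_ports and is_open are my own.

```shell
#!/bin/sh
# Added example (not ClearOS code): audit the incoming ports a ClearOS box
# accepts from a dump in "iptables -S INPUT" format.

# Constructed sample dump: OpenVPN (udp/1194) open to everyone, Webconfig
# (tcp/81) restricted to the LAN, plus a port range open to everyone.
SAMPLE_INPUT_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 81 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6000:6010 -j ACCEPT
-A INPUT -p icmp -j ACCEPT'

# Print one line per ACCEPT rule that opens a port: "proto port source",
# with source "any" when the rule has no -s restriction.
open_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $NF == "ACCEPT" {
            proto = ""; port = ""; src = "any"
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-s") src = $(i + 1)
            }
            if (port != "") print proto, port, src
        }'
}

# Ports reachable from any source at all, printed as proto/port. These are the
# entries worth a second look: a management port that the whole Internet can
# reach should normally be narrowed with -s to the networks that manage the box.
unrestricted_ports() {
    open_ports "$1" | awk '$3 == "any" { print $1 "/" $2 }'
}

# Exit 0 if the given protocol and port are accepted by some rule, honouring
# ranges written as start:end; exit 1 otherwise. Usage: is_open "$dump" tcp 81
is_open() {
    open_ports "$1" | awk -v proto="$2" -v port="$3" '
        $1 == proto {
            n = split($2, r, ":")
            lo = r[1]; hi = (n == 2) ? r[2] : r[1]
            if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}
```

On the sample dump, unrestricted_ports lists udp/1194 and tcp/6000:6010 but not tcp/81, because that rule is limited to 192.168.1.0/24; is_open reports tcp 6005 as open because it lies inside the 6000:6010 range, and tcp 22 as closed. A deployment script can run the same check after adding rules through the Incoming Firewall app to confirm that only the intended ports ended up exposed.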