Using the Web Manager : Web Manager Network Menu Options : Configuring firewall rules for packet filtering

Configuring firewall rules for packet filtering
When an administrative user selects the Network-Firewall menu option, the following screen appears. The administrative user can use this screen to configure packet filtering.
Network-Firewall Screen
The Network-Firewall screen provides an interface to iptables. Using this screen, an administrative user can define rules for the built-in chains. Once rules have been administratively defined, they can be edited or deleted.
Figure 6.68 shows the six built-in chains. The rules for the built-in chains are hidden. The top three chains are defined in the iptables filter table and the bottom three chains are defined in the iptables nat table. Also as shown, an Add new table_name chain_name rule button appears under the entry for each chain, for example, Add new NAT prerouting rule.
Administrative users may want to add rules to the default chains to suit their environment and their needs. The example in Figure 6.68 shows an example of an administratively-defined rule for the filter table INPUT chain. The number 0 is assigned automatically. As shown, an Edit and a Delete button appear next to the entry for each administrator-defined rule.
Adding a rule
Clicking an Add new table_name chainname rule button brings up a dialog like the one shown in Figure 6.69, which shows the dialog that appears when the administrative user clicks the Add new NAT prerouting rule button.
Network-Firewall: Add Rule Dialog
To add a new packet filtering (firewall) rule:
1.
2.
Select the Network-Firewall menu option.
3.
Click the Add new table_name chainname rule button underneath the entry for the chain to which you wish to add a rule.
4.
a.
b.
Specify a source IP and subnet mask in the form: hostIPaddress or networkIPaddress/NN.
c.
Specify a destination IP and subnet mask in the form: hostIPaddress or 
networkIPaddress/NN.
d.
e.
f.
5.
6.
Click Save and apply changes..
To edit an administrator-added packet filtering (firewall) rule:
1.
2.
Select the Network-Firewall menu option.
3.
Click the Edit button for the entry for the rule you want to change.
4.
a.
b.
Accept or change the value entered in the Source IP/mask field, using the form: hostIPaddress or networkIPaddress/NN, where NN is the subnet length.
c.
Accept or change the value entered in the Destination IP/mask in the form: hostIPaddress networkIPaddress/NN, where NN is the subnet length.
d.
Depending on which type of chain is selected, accept or change either the input or output interface selected from the Input interface or Output interface pull-down menu.
e.
f.
5.
6.
Click Save and apply changes.