1. Dualog Support
  2. SHORE ADMINISTRATION
  3. Dualog Network Control

Dualog Network Control - Firewall Rules

Avatar
Daniele Balestrieri
Follow

INTRODUCTION

The service allows to set and manage rules to block, restrict or allow different IP-based services such as email, web browsing, instant messaging, VoIP, and file downloads. You can also control access and usage rights per network, computer, user group, or individual user on the ship.

Administrators can also set whitelists/blacklists to block specific network traffic, ultimately reducing the exposure to undesirable or risky internet services.

mceclip0.png

HOW IT WORKS

test.gif

The default behavior is blocked access. 

mceclip4.png

The settings are Name, Method, Source, Service, Auth, Service, Destination, and priority.

  • NAME

The name field refers to the naming convention of the rule itself for easy reference and identification.

  • METHOD

The Method field of the rule is compared to the method of the gateway on which the packets appear. Therefore, one particular IP packet can match different rules as it (through failover) is forwarded down the Internet gateway list.

The other fields of the rule are compared to information contained inside the IP packet.

test.gif

  • SOURCE COMPUTER

The Source computer field can be used to limit the rule to a specific onboard computer. It is compared directly to the originating computer of the IP packet (through the source field of the IP header), and they must be identical for the rule to match.

A blank Source computer field will match any packet and refers to all available LAN networks onboard.

  • AUTH (AUTHENTICATION)

Adding authentication to a rule indicates that a valid Connection Suite user within the selected account group has to login in order for it to work.mceclip6.png

If no specific user group is selected, this signifies that a valid Connection suite account within all available user groups has to login in order for the rule to work. This will be reflected as "All" under the Auth column.

mceclip9.png

For more detailed information - click here

  • SERVICE

The Service field is used to restrict a rule to a particular Service. A Service is a technical term for the combination of an Internet Protocol (most commonly TCP and UDP) and port number(s)/range.

mceclip8.png

The service indicated by the packet must match the Service in the rule configuration for a packet to match a rule. A blank Service setting will accept any packet and allow access to all available ports.

To configure a firewall service, click here for detailed instructions.

  • DESTINATION

The Destination IP mask field is used to restrict the rule to packets with a specific Internet destination. In the header of every IP packet is a destination field. This field indicates which computer on the Internet the packet is destined for. Network Control checks this field against the Destination IP settings to see if the rule matches.

The Destination IP settings can include a list of network masks in the format x.x.x.x/xx (see figure below). A rule is considered matching if the packet's destination field matches any of the masks specified in the setting. A blank field accepts any packet and allows all destination traffic to pass through.

Also, for otherwise equal rules, the term "more specific" is extended into the Destination IP setting. The most specific rule is the one that matches the most bits (from left to right) with the IP packet's destination (longest matching rule)

mceclip1.png

  • PRIORITY

Each rule ends in a Priority setting with the following values: High, Medium, Low, or Block. 

mceclip2.png

Note: The bandwidth priority for each rule will be applied based on the following setting under the Setup tab.

mceclip3.png

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Articles in this section