====== KeexyBox - Profiles - Manage firewall ======

With KeexyBox you can create firewall rules to accept or drop protocols to the Internet. For example, it can block peer-to-peer traffic.

You need basic knowledge of TCP/IP to create rules.

The KeexyBox firewall only allows you to create rules for outgoing connections. Unlike common firewalls, the source is not an IP address but a profile, so all users or devices using the connection profile inherit the firewall rules defined for it.

After you change firewall rules as described below, you need to reload the profile.

==== List firewall rules ====

  - Use your browser and connect to the [[using_admin_access|KeexyBox Management Web interface]].
  - On the left menu, go to ''Connection settings -> Profiles''.
  - Identify in the list the profile to which you wish to add rules.
  - Click on {{:keexybox_ico:fire.png?nolink}}.
  - The ''Manage firewall rules'' page will open in a new window.

==== Add a firewall rule ====

There are two ways to add rules: either you add one at the top, or you add one after an existing one.

The closer a rule is to the top of the list, the higher its priority.

=== Add a rule at top ===

  - At the top left of the ''Manage firewall rules'' page, click on {{:keexybox_ico:plus.png?nolink}}.
  - You will be redirected to a new form to create the rule.
  - [[#Edit a firewall rule|Edit the rule]].
  - When you are done, click on ''Save''; otherwise click on ''Cancel''.

=== Add a rule after another one ===

  - In the list of firewall rules, identify the rule after which you want to add the new one.
  - In the ''Action'' column, click on {{:keexybox_ico:plus.png?nolink}}.
  - You will be redirected to a new form to create the rule.
  - [[#Edit a firewall rule|Edit the rule]].
  - When you are done, click on ''Save''; otherwise click on ''Cancel''.

==== Modify a firewall rule ====

  - Identify in the list the firewall rule you wish to modify.
  - Click on the ''Edit'' {{:keexybox_ico:edit.png?nolink}} button.
  - You will be redirected to the edit rule form.
  - [[#Edit a firewall rule|Edit the rule]].
  - When you are done, click on ''Save''; otherwise click on ''Cancel''.

==== Edit a firewall rule ====

^Field^Option^Description^
|**Source profile**|You can't change it. It represents all the source IPs that will use the profile.||
|**Destination type**|Choose if the destination is a ''Network or single IP'' or an ''IP range''.||
|:::|''Network or single IP''|Define the IP address and the netmask.|
|:::|''IP range''|Define the first and last IP addresses of the range.|
|**Destination port range**|By default the rule applies to any destination port. If you want to define ports, click on ''Set ports''.||
|:::|Set a single port|If you want to set a single port, just enter the port number in the field ''port''.|
|:::|Set a port range|If you want to set a port range, enter the lowest port number in the field ''port'' and the highest port number in the field ''last port''.|
|:::|{{:keexybox_ico:trash.png?nolink}} button|This button allows you to delete the port range.|
|**Protocol**|''TCP''|The rule applies only to TCP connections.|
|:::|''UDP''|The rule applies only to UDP connections.|
|:::|''TCP and UDP''|The rule applies to both TCP and UDP connections.|
|**Action**|''ACCEPT''|Allow the connection to the defined destinations.|
|:::|''DROP''|Deny the connection to the defined destinations.|
|**Rule enabled**|Uncheck this box if you want the rule to be inactive; otherwise check it.||

==== Sort firewall rules ====

When you have created several rules, you will certainly want to reorganize them and change the priorities between them.

There are two ways to change the order of the rules:

  * By drag and drop
  * By using Bulk actions

You can drag and drop only if you use a computer. If you want to move a rule from a touchscreen device, use a bulk action to move the rule.

In the column called ''position'', there is a number that indicates the position of the rule.
The lower the number of the rule, the higher the priority of the rule. This number can be used to move rules relative to one another.

=== Drag and drop a rule ===

  - Identify in the list the firewall rule you wish to move.
  - Click and hold the icon {{:keexybox_ico:drag.png?nolink}}, then drag and drop the rule above or below another one.

=== Bulk action ===

  - Identify in the list the firewall rule you wish to move.
  - Check the box to the left of the rule.
  - At the bottom of the page, in the selection menu ''(select action)'', choose ''Move before position'' or ''Move after position''.
  - Then choose the position number of the rule before or after which you wish to move the selected rule.
  - Click on ''Run'' to confirm the action.

==== Delete a firewall rule ====

  - Identify in the list the rule you wish to delete.
  - In the ''Action'' column, click on the trash {{:keexybox_ico:trash.png?nolink}} button.
  - You will get a message asking you to confirm the deletion. Answer ''yes''.

==== Bulk actions ====

Bulk actions allow you to apply an action to several rules at once.

In the list of firewall rules:

  - Check the boxes to the left of the rules.
  - At the bottom of the page, in the selection menu ''(select action)'', choose one of the available actions.
  - Click on ''Run'' to confirm the action.

The available actions are described below.

  * ''Disable'': This action allows you to disable selected firewall rules.
  * ''Enable'': This action allows you to enable selected firewall rules.
  * ''Copy to a profile'': This action allows you to copy selected firewall rules to another profile.
  * ''Move before position'': See [[#Sort firewall rules]].
  * ''Move after position'': See [[#Sort firewall rules]].
  * ''Delete'': This action allows you to delete selected firewall rules.

==== Reload the profile to reload firewall rules ====

In the list of firewall rules, click on {{:keexybox_ico:restart.png?nolink}}. This action will reload all network rules of the profile.
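
The position-based priority described under "Sort firewall rules" matters most when rules overlap. The sketch below is an added example, not KeexyBox code: it models the fields of the edit form and reports rules that can never take effect because a higher-priority rule already matches everything they match. It assumes first-match-wins evaluation; the names ''Rule'', ''covers'', ''decide'' and ''shadowed'' are hypothetical, and the sample rule set is constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    position: int          # lower number = higher priority
    dest: str              # network/single IP ("10.0.0.0/8") or IP range ("a-b")
    protocol: str          # "TCP", "UDP" or "TCP and UDP"
    action: str            # "ACCEPT" or "DROP"
    port: int = None       # None = any destination port
    last_port: int = None  # None = single port
    enabled: bool = True

    def ip_span(self):
        if "-" in self.dest:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in self.dest.split("-"))
        else:
            net = ipaddress.ip_network(self.dest, strict=False)
            lo, hi = net[0], net[-1]
        return int(lo), int(hi)

    def port_span(self):
        return (0, 65535) if self.port is None else (self.port, self.last_port or self.port)

    def protocols(self):
        return {"TCP", "UDP"} if self.protocol == "TCP and UDP" else {self.protocol}

def covers(a, b):
    """True if every connection matched by b is also matched by a."""
    (alo, ahi), (blo, bhi) = a.ip_span(), b.ip_span()
    (apl, aph), (bpl, bph) = a.port_span(), b.port_span()
    return (alo <= blo and bhi <= ahi and apl <= bpl and bph <= aph
            and b.protocols() <= a.protocols())

def decide(rules, ip, port, proto):
    """Action of the first enabled matching rule (assumed first-match); None if no rule matches."""
    probe = Rule(0, ip, proto, "", port)
    ordered = sorted(rules, key=lambda r: r.position)
    return next((r.action for r in ordered if r.enabled and covers(r, probe)), None)

def shadowed(rules):
    """Positions of enabled rules fully covered by an earlier enabled rule."""
    active = sorted((r for r in rules if r.enabled), key=lambda r: r.position)
    return [b.position for i, b in enumerate(active)
            if any(covers(a, b) for a in active[:i])]

# Constructed sample rule set using documentation address ranges
RULES = [Rule(1, "0.0.0.0/0", "TCP and UDP", "DROP", 6881, 6889),
         Rule(2, "198.51.100.0/24", "TCP", "ACCEPT", 443),
         Rule(3, "198.51.100.10-198.51.100.20", "TCP", "DROP", 443)]
```

Here ''shadowed(RULES)'' reports position 3: the narrower ''DROP'' never fires because the broader ''ACCEPT'' at position 2 matches first, so the ''DROP'' has to be moved before position 2 to take effect.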