In a firewall rule, the interface group specifies the interface that the source address is allowed to use. When you create firewall rules, you can use the predefined groups, or if you want to reference custom interfaces that are not in the default list, you can create custom interface groups.
Predefined Interface Groups
The following table describes the predefined interface groups:
Interface Group | Description |
---|---|
Matching | Ensures that arriving packets are processed through the same interface that is used to forward the corresponding reply packets. The source and destination addresses are the same. This method helps prevent a network attack in which an attacker might try using internal addresses from outside the internal network (IP spoofing). |
Any | Uses the first interface matching the request, according to the routing table. The packet source is not verified. Reply packets might be forwarded through another interface, if another interface that is capable of doing so is available. In very special configurations, checking the physical source of packets cannot be required. For security reasons, this option should only be used in very limited situations. |
DSL/DHCP | Explicitly restricts rule processing to the specified dynamic network interface (if installed and configured). |
WIFI/WIFI2/WIFI3 | Explicitly restricts rule processing to the specified Wi-Fi network interface (if installed and configured). |
VPNClients | Explicitly restricts rule processing to the specified virtual network interface of a VPN client (if installed and configured). |
3G | Explicitly restricts rule processing to the specified 3G network interface (if installed and configured). |
Create an Interface Group
To create a custom interface group:
- Go to the NETWORK > Interface Groups page.
- In the Interface Group Configuration section, click Add Interface Group.
- Enter a Name for the new interface group.
From the Interfaces drop down list, select the interfaces you want to include and add them by clicking + after each entry.
- Click Save.
The custom interface group appears in the Interface Group Configuration section.
Edit a Custom Interface Group
To edit a custom interface group:
- Go to the NETWORK > Interface Groups page.
- In the Interface Group Configuration section, click the edit symbol for the group that you want to edit.
- In the Edit Interface Group window, edit the settings for the interface group.
- Click Save.
Delete a Custom Interface Group
To delete a custom interface group:
- Go to the NETWORK > Interface Groups page.
- In the Interface Group Configuration section, click the trash can icon for the group that you want to delete.
- Click OK to delete the custom interface group.