Services
A service is basically a definition of a specific IP protocol with corresponding parameters.
The service http, for instance, is defined as to use the TCP protocol with destination port 80.
Services are simplistic, in that they cannot carry out any action in the firewall on their own.
Thus, a service definition does not include any information whether the service should be
allowed through the firewall or not. That decision is made entirely by the firewall policies, in
which the service is used as a filter parameter.
Adding TCP, UDP or TCP/UDP Service
For many services, a single destination port is sufficient. The http service, for instance, is
using destination port 80. To use a single destination port, enter the port number in the
destination ports text box. In most cases, all ports (0-65535) have to be used as source ports.
The second option is to define a port range, a port range is inclusive, meaning that a range
137-139 covers ports 137, 138 and 139.
Multiple ranges or individual ports may also be entered, separated by commas. For
instance, a service can be defined as having source ports 1024-65535 and destination ports
80-82, 90-92, 95. In this case, a TCP or UDP packet with the destination port being one of 80,
81, 82, 90, 91, 92 or 95, and the source port being in the range 1024-65535, will match this
service.
Follow these steps to add a TCP, UDP or TCP/UDP service.
Step 1.
Go to Firewall and Service and choose add new.
Step 2.
Enter a Name for the service in the name field. This name will appear in the
service list when you add a new policy. The name can contain numbers (0-9) and upper
and lower case letters (A-Z, a-z), and the special characters - and _. No other special
characters and spaces are allowed.
Step 3.
Select TCP/UDP Service.
Step 4.
Select the protocol (either TCP, UDP or both TCP/UDP) used by the service.
Step 5.
Specify a source port or range for this service by typing in the low and high port
numbers. Enter 0-65535 for all ports, or a single port like 80 for only one source port.
Step 6.
Specify a destination port or range for this service by typing in the low and high
port numbers. Enter 0-65535 for all ports, or a single port like 80 for only one destination
port.
Step 7.
Enable the Syn Relay checkbox if you want to protect the destination from SYN
flood attacks.
Click the
Apply
button below to apply the change or click
Cancel
to discard changes.