Fire Door! Common version 1.0beta1, 11 March 1996
Copyright ©1996 by Equivalence, equival@ozemail.com.au

Help on Security Configuration


Overview of security

Fire Door uses a comprehensive security model which can be tailored to almost any need. At the heart of the model is a list of IP address pairs which determine which hosts are allowed to initiate connections to which other hosts. For example, the IP address pair:
10.0.2.1  :  129.5.2.3
indicates that the machine with the IP address 10.0.2.1 can initiate connections with the machine which has the IP address 129.5.2.3.

The special values 0 and 255 can be used as "wildcards" to specify groups of IP addresses. For example, the IP address pair:
10.255.255.255  :  255.255.255.255
indicates that any machine with an IP address of the form 10.x.x.x can initiate connections with any other machine.

Restriction List

The Restriction List contains the pairs of IP addresses that determine which connections Fire Door will allow.

When an incoming request arrives, Fire Door searches the list starting from the first restriction entry until it finds a match for the incoming IP address. If the list is empty (the default), then any requested connection will be authorised.

Once a match has been found for the incoming IP address, the connection will only be authorised if the destination address matches the right hand side of the restriction entry. If the restriction entry does not permit the connection, then Fire Door will continue searching the list until a restriction entry is found which does authorise the connection, or the end of the list is reached. If no matching restriction entry is found, then the request is denied.

NOTE - the Restriction List applies to connections attempted from all IP addresses, both from your private network and from the Internet. It is possible to allow users on the Internet to access your private network if the Restriction List is not set correctly. The simplest way to avoid this is to only have entries in the Restriction List which have your private IP numbers on the left hand side.
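
The following sketch is an added illustration, not Fire Door's own code, of the search described above and of the NOTE's warning about wildcards on the left hand side. It assumes that every octet equal to 0 or 255 in a restriction entry acts as a wildcard; the function names and the sample lists are constructed for the example.

```python
# Added illustration; not Fire Door source code.
# Assumption: any octet of 0 or 255 in an entry matches any value. The help
# text does not say how a literal 0 octet (as in 10.0.2.1) is told apart
# from a wildcard, so under this assumption such an entry matches 10.x.2.1.
WILDCARD_OCTETS = {0, 255}


def octets(addr):
    parts = [int(p) for p in addr.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    return parts


def matches(pattern, addr):
    """True if every pattern octet is a wildcard or equals the address octet."""
    return all(p in WILDCARD_OCTETS or p == a
               for p, a in zip(octets(pattern), octets(addr)))


def authorised(restrictions, originator, destination):
    """Apply the Restriction List search to one connection request."""
    if not restrictions:      # empty list (the default): everything allowed
        return True
    for left, right in restrictions:
        # An entry whose left side matches but whose right side does not
        # is skipped, and the search continues with the next entry.
        if matches(left, originator) and matches(right, destination):
            return True
    return False              # end of list reached: request denied


# Constructed sample lists.
PRIVATE_ONLY = [("10.255.255.255", "255.255.255.255")]
TOO_BROAD = PRIVATE_ONLY + [("255.255.255.255", "10.255.255.255")]

if __name__ == "__main__":
    private_host, internet_host = "10.0.2.1", "129.5.2.3"
    for name, rules in [("empty", []), ("private-only", PRIVATE_ONLY),
                        ("too-broad", TOO_BROAD)]:
        outbound = authorised(rules, private_host, internet_host)
        inbound = authorised(rules, internet_host, private_host)
        print(f"{name:12} outbound={outbound} inbound={inbound}")
```

With the empty list and with the too-broad list, the request from the Internet host to the private host is authorised; only the list whose left hand sides are all private addresses denies it.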


Adding restrictions

Security restrictions can be added to the Restriction List using the form on the Security Configuration page. Enter the left hand side of the new restriction into the field labelled "Originator", and enter the right hand side of the new restriction into the field labelled "Destination".

Press the button labelled "Accept", and a new page will be displayed confirming that the new restriction has been added. Use the "Back" button on your browser to redisplay the Security Page and confirm that the new restriction appears in the list. It may be necessary to use the "Reload" button on your browser to display the new list.


Removing restrictions

Security restrictions can be removed from the list by deleting the destination field for a particular originator.

Press the button labelled "Accept", and a new page will be displayed confirming that the restriction has been removed. Use the "Back" button on your browser to redisplay the Security Page and confirm that the restriction no longer appears in the list. It may be necessary to use the "Reload" button on your browser to display the new list.


Changing restrictions

Security restrictions cannot be altered once they have been created. To change a security restriction, first delete the restriction and then add a new one.

Press the button labelled "Accept", and a new page will be displayed confirming that the restriction has been changed. Use the "Back" button on your browser to redisplay the Security Page and confirm that the new restriction appears in the list. It may be necessary to use the "Reload" button on your browser to display the new list.