RADIUSdesk

This is an old revision of the document!


Firewall Profiles

Introduction

  • Firewall Profiles are the most advanced tool available in MESHdesk and APdesk to manage usage.
  • They allow you to tailor-make a Firewall Profile and assign it to an Exit Point or to selected user devices.
  • As an overview, the available tools to manage usage are:
    • WiFi Schedules → Turns a specific SSID on and off at selected times.
    • Throttling and Blocking Users → These are set on selected user devices and are always applied.
    • Firewall Profiles → Swiss Army knife that allows you to roll your own.
  • The rest of this document will cover Firewall Profiles in detail.

Design Philosophy

  • The design philosophy followed by most components in RADIUSdesk is one of define once, apply to many.
  • With the Firewall Profiles we also follow this philosophy.
  • A Firewall Profile can be applied to user devices that connect to the MESHdesk and APdesk networks.
  • A Firewall Profile can also be applied to an Exit Point which is defined on a MESHdesk and APdesk network, e.g. a bridge, a NAT/DHCP gateway or a Captive Portal.
  • We also allow the root user to define site-wide Firewall Profiles.
  • Site-wide Firewall Profiles are available to all clouds.
  • This further reduces duplication.

Creating A Firewall Profile

  • The Firewall Profile Applet is available under Other → Firewall.
  • A Firewall Profile consists of the following:
    • Firewall Profile Name
    • One or more Rules
    • A Rule in turn can contain one or more Apps (If the Rule's category is selected as App)
  • Let's create a simple Firewall Profile that will block YouTube between 7AM and 5PM during weekdays.

Blocking YouTube During Week Days

  • Click on the Add Toolbar Button to create a new Firewall Profile
  • We chose to make it system-wide (indicated by the Umbrella Icon in the Name banner).
  • Next we can start to add Rules.
  • If a rule's Category is App you should select one or more predefined Apps to be part of the rule.
  • An App has to be defined and contains a list of IP Addresses. (For the technically minded, these will be bundled into a set to be used by nftables.)
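
To make the nftables remark concrete, the following is an added example, not RADIUSdesk's own code: it renders an App's address list and the weekday 7AM to 5PM schedule into an nftables ruleset. The table, chain and set names, the helper functions and the addresses (documentation ranges, not real YouTube addresses) are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample App: documentation ranges, not real YouTube addresses.
SAMPLE_APP = {"name": "youtube",
              "addresses": ["192.0.2.0/25", "192.0.2.128/25",
                            "198.51.100.7", "2001:db8:10::/48"]}
WEEKDAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday"]

def split_by_family(addresses):
    """Validate every entry and return collapsed (ipv4, ipv6) network lists.

    An nftables set has a single element type, so a mixed list needs two sets.
    Raises ValueError on a malformed entry instead of emitting a broken ruleset.
    """
    nets = [ipaddress.ip_network(a, strict=False) for a in addresses]
    v4 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 4))
    v6 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 6))
    return v4, v6

def render_set(name, nft_type, nets):
    """Render one named interval set holding the given networks."""
    elems = ", ".join(str(n) for n in nets)
    return (f"    set {name} {{\n        type {nft_type}\n"
            f"        flags interval\n        elements = {{ {elems} }}\n    }}\n")

def render_profile(app, days, start, end):
    """Render a drop rule per address family, limited to the given days/hours."""
    v4, v6 = split_by_family(app["addresses"])
    day_set = ", ".join(f'"{d}"' for d in days)
    when = f'meta day {{ {day_set} }} meta hour "{start}"-"{end}"'
    sets, rules = "", ""
    for fam, nft_type, nets in (("ip", "ipv4_addr", v4), ("ip6", "ipv6_addr", v6)):
        if not nets:          # an empty elements list is a syntax error in nft
            continue
        set_name = f"app_{app['name']}_{fam}"   # hypothetical naming scheme
        sets += render_set(set_name, nft_type, nets)
        rules += f"        {when} {fam} daddr @{set_name} drop\n"
    return (f"table inet fw_profile_example {{\n{sets}"
            "    chain forward {\n"
            "        type filter hook forward priority 0; policy accept;\n"
            f"{rules}    }}\n}}\n")

if __name__ == "__main__":
    print(render_profile(SAMPLE_APP, WEEKDAYS, "07:00", "17:00"))
```

The printed ruleset can be syntax-checked on a test machine with `nft -c -f <file>` before it is loaded anywhere; `meta day` and `meta hour` are evaluated against the clock of the device running the rules.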