If you have a rule set with quite a few rules, it can be useful to lump some of them together into rule groups. A rule group is a contiguous set of rules that you have grouped together and assigned a name to. Once you have a group, you can collapse it down visually to save screen real estate, then pop it back open when you need to look inside.
Rule groups only affect how the rules are displayed visually. They have no affect on how the rule set is compiled or how it works on the firewall.
Let's look at a simple example of using rule groups.
Figure 7.49 shows a fragment of a set of rules. There are two rules for packets destined for eth0, several rules for packets destined for eth1, and a couple rules for eth2-destined packets.
The eth2 rules take up a lot of space, so let's group them together. We can then collapse the group so it uses less space.
To create the group, right-click in the rule number cell of the first "eth1" rule and select. (You don't have to click the first rule. Any rule in the group will do.)
A dialog appears. Enter the name of the group. This name is for your convenience only, so it can be anything. Here we're naming the group after the interface, but a more descriptive name can be more useful.
Now we have a group with one entry. This doesn't provide much value, so let's add other rules to the group. You can add as many rules as you want, but they must all be contiguous in the rule set.
To add more rules, right-click a rule adjacent to the rule in the group, then select.
Do that to the rest of the "eth1" rows, and we now have a populated group. You can select several consequtive rules and add them to the group at once.
To collapse the group, just click the little minus (-) or a triangle icon (depends on the OS and visual style) in the upper left of the group.
The group now takes up less room on your screen, though it has not changed in function.
You can modify a rule group after you have created it. Options are as follows:
Renaming a Group
To rename a group, right-click the group name (or anywhere on the gray bar that heads the rule, and select. Then, change the name in the dialog and click .
Add more rules to a group
You can add an existing rule to a group if the rule is directly above or below the group. Simply right-click the rule and select.
Remove a rule from a group
To remove a rule from the group while leaving it in the rule set, right-click in the number of the rule (left-most column) and select. You can only remove the first or the last rule in the group. Rules in the middle of the group can not be removed from it.
Remove a rule completely
You can remove a rule in a group entirely by right-clicking the number of the rule (left-most column) and selecting. This will remove the rule from the rule set entirely and works the same regardless of whether the rule is a member of a group or not. If you want to move the rule to anther part of the rule set, select instead, and then paste the rule elsewhere.
Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.
Using free CSS Templates.