7.5.7. Using Rule Groups

Creating Rule Groups

If you have a rule set with quite a few rules, it can be useful to lump some of them together into rule groups. A rule group is a contiguous set of rules that you have grouped together and assigned a name to. Once you have a group, you can collapse it down visually to save screen real estate, then pop it back open when you need to look inside.

Rule groups only affect how the rules are displayed visually. They have no effect on how the rule set is compiled or how it works on the firewall.

Let's look at a simple example of using rule groups.

Figure 7.49 shows a fragment of a set of rules. There are two rules for packets destined for eth0, several rules for packets destined for eth1, and a couple of rules for eth2-destined packets.

Figure 7.49. Rules without Grouping


The eth1 rules take up a lot of space, so let's group them together. We can then collapse the group so it uses less space.

To create the group, right-click in the rule number cell of the first "eth1" rule and select New group. (You don't have to click the first rule. Any rule in the group will do.)

Figure 7.50. Creating a Group


A dialog appears. Enter the name of the group. This name is for your convenience only, so it can be anything. Here we're naming the group after the interface, but a more descriptive name can be more useful.

Figure 7.51. Naming a Group


Now we have a group with one entry. This doesn't provide much value, so let's add other rules to the group. You can add as many rules as you want, but they must all be contiguous in the rule set.

Figure 7.52. Group with One Entry


To add more rules, right-click a rule adjacent to the rule in the group, then select Add to the group eth1.

Figure 7.53. Adding a Rule to a Group


Do that to the rest of the "eth1" rows, and we now have a populated group. You can also select several consecutive rules and add them to the group at once.

Figure 7.54. A Group of Rules


To collapse the group, click the minus (-) or triangle icon (which one appears depends on the OS and visual style) in the upper left of the group.

Figure 7.55. Collapsed Group


The group now takes up less room on your screen, though it has not changed in function.

Modifying Rule Groups

You can modify a rule group after you have created it. Options are as follows:

  • Renaming a Group

    To rename a group, right-click the group name (or anywhere on the gray bar that heads the rule), and select Rename group. Then change the name in the dialog and click OK.

  • Add more rules to a group

    You can add an existing rule to a group if the rule is directly above or below the group. Simply right-click the rule and select Add to the group eth1.

  • Remove a rule from a group

    To remove a rule from the group while leaving it in the rule set, right-click the number of the rule (left-most column) and select Remove from the group. You can only remove the first or the last rule in the group. Rules in the middle of the group cannot be removed from it.

  • Remove a rule completely

    You can remove a rule in a group entirely by right-clicking the number of the rule (left-most column) and selecting Remove rule. This removes the rule from the rule set entirely and works the same regardless of whether the rule is a member of a group. If you want to move the rule to another part of the rule set, select Cut rule instead, and then paste the rule elsewhere.


Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.