
Incoming vs Outgoing rules, Application Level Filtering, and viewing log files

I have been running UTM since version 8 in 2011, but only recently have I enabled the firewall feature. I have the UTM in bridged mode behind a run-of-the-mill ATT box, which presumably has its own firewall.

My questions are these:

1. Are rules only 1 way? I.e., in the firewall, I see something like "Bridged Network" -> http -> Any IPv4.

Does the above mean that hosts on the Bridged Network can view http protocol based sites on any IPv4 address, BUT any IPv4 CANNOT view http sites on Bridged Network? I.e., it goes in the same direction as the arrow and is not bidirectional? Windows Firewall is more clear in that it has two separate windows: incoming and outgoing.

2. Is there any application layer filtering enabled in the UTM V9? Like if I allow http/https, can't malware just use those ports instead of something random? If so, shouldn't there be more granular control somehow of this?

3. When opening ports on the firewall, it would be nice to view currently established connections between a source and destination node. From what I see there is a crude log file for the firewall, but is there a better UI for viewing dropped packets, currently established connections, etc.? The report didn't load in real time.


