Chapter 3. Program Reference

The Zone Tab

Guarddog is built around the concept of zones containing IP addresses, and then managing which network protocols are permitted between the different zones. This tab is where zones and their contents are managed.

The list of currently defined zones is on the left side of the tab under Defined Network Zones:. The properties of the currently selected zone are shown in the Zone Properties area. The New Zone and Delete Zone buttons in the bottom left corner of the tab create new zones or delete the currently selected zone.

There are two zones which are built-in and cannot be modified or deleted. They are called the Internet and Local zones. The Local zone automatically contains the IP addresses of the network interfaces for the machine that the firewall runs on. Note that the list of addresses in this zone is not actually shown in the window. The Internet zone automatically contains the IP addresses of anything that is not in another zone. It acts as the default zone holding addresses that are not in any other zone.

Each zone has a name that can be edited in the Name: text edit box. It is recommended that this be kept relatively brief. A longer comment can be entered for each zone in the Comment: text edit box.

Addresses

Each zone consists of a number of IP addresses. The Zone Addresses list holds the list of IP addresses for the currently selected zone. Addresses can be added to the list by using the New Address button. The currently selected address can be deleted using the Delete Address button. The text field next to Address: allows you to edit the currently selected address.

Addresses and ranges of addresses can be specified in several ways:

  • Numeric IP address (dotted quad). Whole networks can be specified by using a mask. Masks can be network masks (e.g. 255.255.255.0) or a plain number (e.g. 24). Some examples are: 123.34.56.78, 192.168.1.1/24 and 192.168.1.1/255.255.255.0 (the last two mean all the addresses from 192.168.1.1 to 192.168.1.255).

  • Domain name. Only Fully Qualified Domain Names (FQDN) are allowed; something like .simonzone.com will not work. A complete name is required, like www.simonzone.com, for example.
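
An added example (not part of the Guarddog documentation or its code) that parses the address forms listed above and shows an address falling through to the default Internet zone. The function names, the sample zones, the FQDN pattern and the first-match rule for overlapping zones are assumptions of this example; the Local zone is left out.

```python
import ipaddress
import re

# Assumption: a usable FQDN has at least two dot-separated labels and no
# leading dot; Guarddog's own validation rules are not shown on this page.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+\.?$")


def parse_zone_address(entry):
    """Classify one zone address entry as ("network", IPv4Network) or ("fqdn", name)."""
    entry = entry.strip()
    try:
        # strict=False accepts host bits, so 192.168.1.1/24 becomes 192.168.1.0/24.
        # Both mask styles (plain number and dotted netmask) are understood.
        return ("network", ipaddress.IPv4Network(entry, strict=False))
    except ValueError:
        pass
    if re.fullmatch(r"[0-9./]+", entry):
        raise ValueError(f"malformed IP address or mask: {entry!r}")
    if not _FQDN.match(entry):
        raise ValueError(f"not a fully qualified domain name: {entry!r}")
    return ("fqdn", entry.rstrip(".").lower())


def zone_for(ip, zones):
    """Return the first zone whose networks contain ip, else the default "Internet"."""
    addr = ipaddress.IPv4Address(ip)
    for name, entries in zones.items():
        for entry in entries:
            kind, value = parse_zone_address(entry)
            if kind == "network" and addr in value:
                return name
    return "Internet"


# Constructed sample zones (zone names are made up for this example).
SAMPLE_ZONES = {
    "Office": ["192.168.1.1/24"],
    "DMZ": ["10.0.0.5", "www.simonzone.com"],
}

if __name__ == "__main__":
    for text in ["123.34.56.78", "192.168.1.1/24", "192.168.1.1/255.255.255.0"]:
        kind, net = parse_zone_address(text)
        print(f"{text:28} -> {net} ({net[0]} - {net[-1]})")
    print(zone_for("192.168.1.77", SAMPLE_ZONES), zone_for("8.8.8.8", SAMPLE_ZONES))
```

Running it before entering a mask in the Address: field shows exactly which block an entry covers, which helps avoid placing more hosts in a zone than intended.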

Connection

The Connection list allows you to specify which other zones the currently selected zone is connected to. When a zone is connected to another zone, that particular combination will appear on the Protocol tab. If a combination is not selected here then it won't appear on the Protocol tab, and no communication will be permitted between the two zones.