24. Network & Policy » Whitelist Template

Whitelists prevent Wanguard Filter from blocking traffic you consider essential. By default, during inbound attacks, destination ports and IPs are blocked only as a last resort, when no more specific attack pattern can be identified. Even so, there are cases where letting possibly malicious traffic through is preferable to the risk of blocking critical traffic.

You can assign whitelist rules directly to each Filter defined in Configuration » Components. But if you need the same whitelist rules across multiple Filters, it’s simpler to put them in a Whitelist Template and apply that template to the Filters that require it.

[Image: WHITELIST_TEMPLATE_8.10.png]

Each whitelist rule defines several metrics:
Prefix – The whitelist rule is evaluated only if the anomaly’s IP address is included in this prefix. 0.0.0.0/0 matches any IPv4, ::/0 matches any IPv6, /0 matches any IP
Decoder – The decoder this whitelist rule applies to, or All to match any decoder used by the anomaly
Rule Type – Possible options: IP Address, Src Port TCP, Dst Port TCP, Src Port UDP, Dst Port UDP, ICMP Type, Packet Length, IP TimeToLive, IP Protocol
Operator – Operators for strings/numbers include equal and non-equal. Numbers also support less than and greater than. equal can match IP addresses in CIDR notation, port ranges (e.g., <port_min>:<port_max>), or packet size ranges (<pkt_size_min>:<pkt_size_max>)
Rule Value – The custom value defined by the user
FW Policy – If set to Permit and Operator is equal, the Filter installs an explicit rule in the Netfilter firewall that allows the matched traffic through. Otherwise the whitelist only keeps the Filter from applying filtering rules that match it, so a broader filtering rule (for example one that blocks the destination IP entirely) can still stop that traffic
Comments – (Optional) A short description of the whitelist rule
For example, if your DNS server is flooded on port 53/UDP from spoofed source addresses, the Filter may block all traffic to that server on 53/UDP, which stops the attack but also makes the server unreachable for legitimate resolvers on the Internet. Avoid this scenario by adding the whitelist rule [Prefix = your DNS server's IP, Decoder = ANY, Rule Type = Dst Port UDP, Operator = equal, Rule Value = 53, FW Policy = Permit]. The rule matches only filtering rules for destination port 53/UDP, so the Filter remains free to block the attack on other patterns (source ports, packet lengths, TTLs, and so on).
You can set the priority of the filtering rules in General Settings » Anomaly Mitigation.

Note

When a filtering rule matches a whitelist entry, it is still listed among the detected filtering rules, marked with a white flag, but it is never applied to the firewall.
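To make the matching semantics above concrete, here is a small added example (written for this page, not Wanguard code) that models how a whitelist rule gates a proposed filtering rule: the anomaly IP must fall inside the Prefix, the Decoder must be All or match, the Rule Type must match, and the Rule Value is compared with the Operator, accepting CIDR notation for IP Address and single values or min:max ranges for numeric types. A match with FW Policy = Permit and Operator = equal yields an explicit permit; any other match only suppresses the filtering rule (the white-flag case in the Note above). The class and field names, the decoder strings, the label "Block" for the non-Permit policy and the sample rules with RFC 5737/3849 documentation addresses are all this example's assumptions.

```python
"""Check a whitelist against proposed filtering rules (illustrative model, not Wanguard code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class WhitelistRule:
    prefix: str      # "/0" matches any IP; otherwise a CIDR that must contain the anomaly IP
    decoder: str     # "All" or a decoder name (assumed spelling)
    rule_type: str   # "IP Address", "Dst Port UDP", "Packet Length", ...
    operator: str    # "equal", "non-equal", "less", "greater"
    value: str       # CIDR for IP Address; a number or "min:max" range for numeric types
    fw_policy: str   # "Permit" or "Block" (the latter label is assumed)


@dataclass(frozen=True)
class FilteringRule:
    """A block rule the Filter would push to Netfilter for an anomaly."""
    anomaly_ip: str  # the attacked (destination) IP of the anomaly
    decoder: str     # decoder that detected the anomaly, e.g. "UDP" (assumed name)
    rule_type: str   # attribute being blocked, same vocabulary as WhitelistRule
    value: str       # the single value being blocked: an IP or a number


def prefix_covers(prefix: str, ip: str) -> bool:
    """Prefix gate: "/0" covers everything; otherwise the IP must be inside the CIDR."""
    if prefix == "/0":
        return True
    net = ipaddress.ip_network(prefix, strict=False)
    addr = ipaddress.ip_address(ip)
    return addr.version == net.version and addr in net


def value_matches(rule_type: str, operator: str, rule_value: str, candidate: str) -> bool:
    """Compare the filtering rule's value against the whitelist value with the operator."""
    if rule_type == "IP Address":
        net = ipaddress.ip_network(rule_value, strict=False)
        addr = ipaddress.ip_address(candidate)
        inside = addr.version == net.version and addr in net
        if operator == "equal":
            return inside
        if operator == "non-equal":
            return not inside
        raise ValueError(f"operator {operator!r} is not valid for IP Address")
    n = int(candidate)
    if ":" in rule_value:  # port or packet-size range "min:max"
        lo, hi = (int(x) for x in rule_value.split(":", 1))
        inside = lo <= n <= hi
        if operator == "equal":
            return inside
        if operator == "non-equal":
            return not inside
        raise ValueError("ranges only support equal / non-equal")
    v = int(rule_value)
    return {"equal": n == v, "non-equal": n != v, "less": n < v, "greater": n > v}[operator]


def matching_rule(frule: FilteringRule, whitelist: Sequence[WhitelistRule]) -> Optional[WhitelistRule]:
    """Return the first whitelist rule that matches the proposed filtering rule, if any."""
    for w in whitelist:
        if not prefix_covers(w.prefix, frule.anomaly_ip):
            continue
        if w.decoder != "All" and w.decoder != frule.decoder:
            continue
        if w.rule_type != frule.rule_type:
            continue
        if value_matches(w.rule_type, w.operator, w.value, frule.value):
            return w
    return None


def evaluate(frule: FilteringRule, whitelist: Sequence[WhitelistRule]) -> str:
    """'blocked': applied to Netfilter; 'suppressed': white flag, never applied;
    'permitted': explicit Netfilter allow (FW Policy Permit with Operator equal)."""
    w = matching_rule(frule, whitelist)
    if w is None:
        return "blocked"
    if w.fw_policy == "Permit" and w.operator == "equal":
        return "permitted"
    return "suppressed"


# Constructed sample: the DNS whitelist rule from the text, for server 203.0.113.10.
DNS_WHITELIST = [WhitelistRule("203.0.113.10/32", "All", "Dst Port UDP", "equal", "53", "Permit")]

if __name__ == "__main__":
    for fr in (FilteringRule("203.0.113.10", "UDP", "Dst Port UDP", "53"),    # whitelisted
               FilteringRule("203.0.113.10", "UDP", "Dst Port UDP", "123"),   # other port
               FilteringRule("203.0.113.20", "UDP", "Dst Port UDP", "53"),    # other server
               FilteringRule("203.0.113.10", "UDP", "IP Address", "203.0.113.10")):  # broader rule
        print(fr.rule_type, fr.value, "->", evaluate(fr, DNS_WHITELIST))
```

The last sample case is the caveat from the FW Policy description: a port whitelist does not match a filtering rule that blocks the destination IP itself, so that broader rule still goes to the firewall unless the Permit entry's explicit allow takes precedence in Netfilter.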