5.3. Packet filter

From Firewall → Packet filter you can configure general packet filter rules or define them for each network object.

In the configuration window we can establish a deny policy for network packets. If you select this deny policy, the sender is notified that the packet was denied at the destination. If you select an ignore policy, packets are filtered and discarded without any notification.

Clicking on Packet filter rules gives access to the rule list for the eBox firewall. Each rule can be enabled or disabled without removing it. The rules are applied from top to bottom, so their order can be important. For each rule you can select its transmission protocol, the action to apply if a packet matches the rule (accept it or deny it), the origin address and port, and the destination address and port. When specifying an address or a port, you can choose either which ones belong to the rule or which ones do not; this makes the rules more flexible and clearer, and reduces how many of them are needed.
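The sketch below is an added example, not eBox code: it models the rule list described above to show how order, the enabled flag and a negated ("not") address change the outcome. The names Rule and decide, the sample addresses, first-match-wins evaluation and the default of "deny" are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:                      # hypothetical model of one rule-list row
    action: str                  # "accept" or "deny"
    proto: str                   # "tcp", "udp" or "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port
    src_not: bool = False        # True: match sources NOT inside src
    dport_not: bool = False      # True: match ports other than dport
    enabled: bool = True

    def matches(self, pkt):
        if self.proto not in ("any", pkt["proto"]):
            return False
        if (ip_address(pkt["src"]) in ip_network(self.src)) == self.src_not:
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.dport is not None and (pkt["dport"] == self.dport) == self.dport_not:
            return False
        return True

def decide(rules, pkt, default="deny"):
    """Walk the list top to bottom; the first enabled match decides (assumed)."""
    for rule in rules:
        if rule.enabled and rule.matches(pkt):
            return rule.action
    return default

# Constructed sample: SSH is meant to be reachable from the LAN only.
LAN = "192.168.1.0/24"
RULES = [
    Rule("deny", "tcp", src=LAN, src_not=True, dport=22),  # one negated rule covers "everyone else"
    Rule("accept", "tcp", dport=22),
]
OUTSIDE = {"proto": "tcp", "src": "203.0.113.9", "dst": "192.168.1.1", "dport": 22}
INSIDE = {"proto": "tcp", "src": "192.168.1.50", "dst": "192.168.1.1", "dport": 22}

if __name__ == "__main__":
    print(decide(RULES, OUTSIDE), decide(RULES, INSIDE))  # intended order
    print(decide(list(reversed(RULES)), OUTSIDE))         # swapped order
```

With the two rules swapped, the broad accept rule is reached first and the outside host gets through, which is the kind of mistake to look for when reviewing a rule list.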

Inside Default rules configuration, we can establish rules to be applied by default to each eBox object. This includes a general policy for the object, denying or accepting some services selected from a list. It also includes the creation of a specific rule list for the object, which allows or denies connections with a protocol, a destination address (with a network mask) and certain ports. These rules can be enabled or disabled without removing them, as with the eBox filtering rules.

At the bottom, we can choose an eBox network object from the selection list and click on "Go" to apply the specified packet filtering rules. Among the selectable options for network objects we find: setting a specific policy or using the global policy, accepting or denying some services from the Services selection list, and creating rules for the object in the same way they are created for the global policy.