11 Definitions
In the main menu "Definitions" you define various objects which are then used by
various setup options.
11.1 IP objects
Give a name to individual IP addresses or networks or group them. You can then use
these definitions in various configuration options, e.g. firewall rules. This enhances
readability and clarity.
A table gives you an overview of all available objects. If there are more than 10 entries,
a navigation bar will appear below the bottom right-hand corner of the table where you
can page through the entries or open the table in fullscreen mode. Pick an entry by
clicking either its title or the pencil icon to enter the detail view. Add new objects by
clicking "New Entry" below the table on the left. Use the dustbin icon to delete entries.
Type
Select the type of object here.
Group
Objects of this type represent an arbitrary number of addresses. It is also possible
to nest objects by including other definitions.
DNS entry
The name of this group is a DNS host name. The list of IP addresses is updated
automatically using DNS lookups. The DNS information is updated after system
restarts, after changes in IP objects and at regular intervals as configured in menu
"Modules > DNS > Settings" on tab "DNS IP objects".
Since DNS data can be forged comparatively easily, we do
not recommend using them for sensitive settings such as
inbound firewall rules.
IPv6 prefix
This object type represents an IPv6 prefix. It may depend upon another, shorter
prefix. This lets you split up the prefix you received from your provider.
Let's assume a prefix object contains your company's global prefix
"2001:db8::/48". Now create another prefix object, have it refer to the provider
prefix and configure the subnet ID "0:0:0:1::/64". The prefix object now represents
"2001:db8:0:1::/64".
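The derivation above, as an added example that is not part of the original manual or the product's own code: it combines a parent prefix with a subnet ID written in standard colon notation and rejects combinations that would silently change the parent's bits. The function name `derive_prefix` and the validation rules are assumptions chosen for illustration; the product may validate differently.

```python
import ipaddress

def derive_prefix(parent: str, subnet_id: str) -> ipaddress.IPv6Network:
    """Combine a parent prefix with a subnet ID into a longer prefix.

    Hypothetical helper: mirrors the manual's example, not the product's code.
    """
    # strict parsing rejects a parent such as 2001:db8::1/48 (host bits set)
    parent_net = ipaddress.IPv6Network(parent, strict=True)
    # Parse the subnet ID as an interface so its bits and length are kept apart
    sub = ipaddress.IPv6Interface(subnet_id)
    new_len = sub.network.prefixlen
    sub_bits = int(sub.ip)

    if new_len <= parent_net.prefixlen:
        raise ValueError("derived prefix must be longer than the parent prefix")
    # Bits already fixed by the parent must be zero in the subnet ID,
    # otherwise the result would leave the range assigned by the provider.
    if sub_bits & int(parent_net.netmask):
        raise ValueError("subnet ID sets bits inside the parent prefix")
    # Bits beyond the new prefix length are host bits and must be zero.
    if sub_bits & int(sub.network.hostmask):
        raise ValueError("subnet ID sets bits beyond its own prefix length")

    combined = int(parent_net.network_address) | sub_bits
    return ipaddress.IPv6Network((combined, new_len))

if __name__ == "__main__":
    # The manual's example: company prefix plus subnet ID 1
    lan = derive_prefix("2001:db8::/48", "0:0:0:1::/64")
    print(lan)                      # 2001:db8:0:1::/64

    # Nesting: split a /56 out of the /48, then a /64 out of that /56
    site = derive_prefix("2001:db8::/48", "0:0:0:100::/56")
    print(derive_prefix(str(site), "0:0:0:1::/64"))

    # Constructed bad inputs: each one is rejected instead of being merged
    for bad in ("0:1:0:1::/64", "::/48", "0:0:0:1::1/64"):
        try:
            derive_prefix("2001:db8::/48", bad)
        except ValueError as err:
            print(f"{bad}: {err}")
```

Because every dependent prefix is computed from its parent, replacing "2001:db8::/48" with a new provider prefix changes all derived objects, and any rule that references them, in one step.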