Rules Overview in Micro Edge

Summary

Micro Edge uses rules in many areas of the configuration. Rules follow a common set of criteria and behavior. This article provides an explanation of rule processing and components in Micro Edge.

Conditions & Syntax

Rule can have a list of conditions. The conditions define what elements match the existing rule upon evaluation. If a rule has no conditions, it always matches. A condition has a type, operator, and a value.

For a complete description of Rule Syntax and Conditions refer to Conditions Syntax in Micro Edge rules.

Rule Execution

Rules determine how to handle network traffic. For example, Filter Rules determine whether to allow or block a certain type of traffic.

Each rule comprises of

  • a description
  • zero or more conditions
  • an action to take if all the above conditions match
  • a flag to enable or disable the rule

Rules are evaluated from the top down until a matching rule condition is found. The corresponding action is performed and no further rules are evaluated.

For example, a Filter Rule to allow TCP traffic on port 80 to pass would look like:

mceclip0.png

This rule can be interpreted as "If the packet has an IP protocol of TCP and a destination of port 80, then allow this packet to pass and cease checking the packet for any more rules."

When evaluating this rule, if the packet is not TCP or it doesn't have a destination port of 80, then this rule does not match and subsequent rules are evaluated.

Rulesets

Rules can be grouped together to form a set of rules to achieve a desired effect. Using the example of Filter Rules, two very common types of rulesets:

  • Accept everything and explicitly block some traffic
  • Reject all traffic except things explicitly allowed

An example of the "Accept all except certain traffic" ruleset would comprise of two rules as follows:

Rule 1: "If the packet is a TCP packet and has a destination port of 21 then drop"
Rule 2: "Accept all packets"

This simple ruleset drops all TCP port 21 packets, and allows anything else.

Rule 1 just drops the TCP port 21 packets, and for all packets that are not port 21 and TCP, the second rule is evaluated.
Rule 2 has no conditions attached to it, therefore all packets will match it if they get to it. As it has an action of "Allow", all packets that reach it will be allowed.

An example, the "Reject all except certain traffic" ruleset would look like the following:

Rule 1: "If the packet is a TCP packet and destination port is 53 then allow"
Rule 2: "If the packet is a UDP packet and destination port is 53 then allow"
Rule 3: "If the packet is a TCP packet and destination port is 80 then allow"
Rule 4: "If the packet is a TCP packet and destination port is 443 then allow"
Rule 5: "Reject all packets"

This ruleset is a bit more complicated.
Rules 1-4 allow specific DNS, HTTP, and HTTPS traffic via their standard protocol & ports.
Rule 5 rejects everything else.
A ruleset like this is very restrictive as only traffic that meets rule 1-4 is allowed, and everything else is rejected.

While these examples are quite simple, large rulesets with a variety of rules and conditions can be crafted in a very specific order to achieve the desired effect.

Actions

Rules have an assortment of actions. The type of actions available depends on the goal of the ruleset.
For Filter Rules, the goal is to just block or pass certain packets: therefore, there are only a few basic actions:

  • Accept - accepts the packet and stops processing further Filter Rules immediately
  • Reject - rejects the packet immediately and stops processing further Filter Rules immediately
  • Drop - drops the packet immediately and stops processing further Filter Rules immediately

The actions available in a given ruleset vary depending on what the rules do.

Follow
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk