Edit Apps Rules
Each managed app has its own set of rules. To inspect an app’s rules select its icon in Managed Apps view and click the magnifier button to open the App Rules popover view.
This view shows a list of allowed and blocked items.
Items can be:
- IPv4/IPv6 IP address
- IPv4/IPv6 network address (CIDR format like 192.168.0.0/24 or fc00::/7)
- TCP/UDP port
- TCP/UDP ports range (for example: 2000:3000)
- group Everyone (includes the whole IPv4 and IPv6 address spaces)
There are different ways to edit apps rules:
- answering notification alerts
- manually adding rules in App Rules popover view
- switching app rule from gear button in App Rules popover view
- clicking the locker to change app rule in Managed Apps view
App rules order
App rules order matters. Rules are evaluated from top to bottom, the first matching rules wins.
However, unlike in other Vallum rules layers, Apps rules cannot be manually reordered.
Every time you add a new rule Vallum takes care of placing each rule in the right place following these scheme:
- blocked IP addresses
- passed IP addresses
- blocked networks
- passed networks
- blocked ports
- passed ports
- blocked port ranges
- passed port ranges
- Everyone group
If a connection matches one or more rules the connection is passed or blocked according to the first matched rule.
Rules can be added answering notification alerts or manually.
Click “+” and “-“ to manually add or remove App rules. Vallum will always take care of checking syntax and illegal overrides.
You can also add the “Everyone” group clicking the 'everyone' button.
Adding and removing items automatically affects app status. For example adding group Everyone to a mixed state app will change its status and disable notifications for that app.
Changes are activated immediately but they don't have effect on already established connections.