Inclusivity and Exclusivity
Understanding these two concepts is important for all firewalls. In Vallum it is even more important, as its flexibility allows you to create very complex sets of rules.
Exclusive means “pass everything by default, block only specific connections”
Inclusive means “block everything by default, pass only specific connections”
You will be asked to make a choice between these two approaches several times during your firewall configuration, at different levels. The first choice you need to make is the default firewall setting: do you want to pass everything by default or block everything by default? Then the same choice can be made for each app. Some apps may be allowed to connect anywhere except specific addresses and ports; other apps may be allowed to connect only to specific ports or a specific subnet, blocking everything else.
Then you can take advantage of Vallum's three rule layers (Global Rules, Managed Apps, Managed Folders) to create sets of overlapping and overriding rules. For example, you can block a folder (issuing a Managed Folder rule), but then you can pass an app included in that folder (managing the app in Managed Apps). This app can be set to connect only to a specific subnet (issuing an app rule), but then you can block a few IP addresses of this subnet (issuing Global Rules).
It’s up to you to master Vallum's filter logic and to combine all its rules to create firewall rules. However, the Vallum Configuration Assistant helps you by showing some examples.
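The folder, app and Global Rules example above can be reasoned about with a small model. This is an added illustration, not Vallum's own code or configuration format: the precedence order (Global Rules over Managed Apps over Managed Folders over the firewall default) is an assumption read from that example, and the paths and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Scope:
    """One layer entry: a default action plus (network, action) exceptions."""
    default: Optional[str] = None          # "pass", "block", or None for no opinion
    rules: list = field(default_factory=list)

    def decide(self, ip):
        for net, action in self.rules:     # a specific rule beats the scope default
            if ip in ipaddress.ip_network(net):
                return action
        return self.default

def evaluate(app, dst, global_rules, apps, folders, firewall_default):
    """Return (action, deciding layer). Assumed precedence, taken from the
    page's example: Global Rules > Managed Apps > Managed Folders > default."""
    ip = ipaddress.ip_address(dst)
    candidates = [("global", global_rules)]
    if app in apps:
        candidates.append(("app", apps[app]))
    candidates += [("folder", s) for f, s in folders.items()
                   if app.startswith(f.rstrip("/") + "/")]
    for layer, scope in candidates:
        action = scope.decide(ip)
        if action is not None:
            return action, layer
    return firewall_default, "default"

# Constructed sample policy mirroring the example in the text.
FIREWALL_DEFAULT = "pass"                                   # exclusive default
GLOBAL = Scope(rules=[("10.0.5.13/32", "block")])           # block one IP of the subnet
FOLDERS = {"/Applications/Tools": Scope(default="block")}   # block the whole folder
APPS = {"/Applications/Tools/Sync.app":                     # inclusive app: one subnet only
        Scope(default="block", rules=[("10.0.5.0/24", "pass")])}

def check(app, dst):
    return evaluate(app, dst, GLOBAL, APPS, FOLDERS, FIREWALL_DEFAULT)

if __name__ == "__main__":
    for app, dst in [("/Applications/Tools/Sync.app", "10.0.5.20"),
                     ("/Applications/Tools/Sync.app", "10.0.5.13"),
                     ("/Applications/Tools/Sync.app", "203.0.113.9"),
                     ("/Applications/Tools/Other.app", "10.0.5.20"),
                     ("/Applications/Mail.app", "203.0.113.9")]:
        print(app, dst, check(app, dst))
```

Returning the deciding layer alongside the action makes it easy to see which rule produced a verdict when several layers overlap.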