Jump to content

Firewall traffic rules: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 149: Line 149:




These rules indicate that traffic from the host '''192.168.1.11''' in '''LAN''' destined to the IP address of 84.xxx.xxx.xxx on ports '''80''' and '''443''' in '''WAN''' must be accepted. The '''‘Accept forward’''' indicates the action (accept). The slider on the right side shows that the rule is enabled. The rule is above the Deny-LAN-WAN rule, so that traffic from host 192.168.1.11 (PC2) matches the first rule and is accepted. Traffic from other hosts in LAN will match the second rule and will be dropped.
These rules indicate that traffic from the host '''192.168.1.11''' in '''LAN''' destined to the IP address of 185.xxx.xxx.xxx on ports '''80''' and '''443''' in '''WAN''' must be accepted. The '''‘Accept forward’''' indicates the action (accept). The slider on the right side shows that the rule is enabled. The rule is above the Deny-LAN-WAN rule, so that traffic from host 192.168.1.11 (PC2) matches the first rule and is accepted. Traffic from other hosts in LAN will match the second rule and will be dropped.


===Opening a port on the device. ===
===Opening a port on the device. ===
Line 257: Line 257:
The rule indicates that TCP traffic coming from the host  '''84.xxx.xxx.xxx''' in the '''WAN''' to the device (router) on ports '''80''' and '''443''' will be accepted. The '''‘Accept input’''' indicates the action (accept). The slider on the right side shows that the rule is enabled.
The rule indicates that TCP traffic coming from the host  '''84.xxx.xxx.xxx''' in the '''WAN''' to the device (router) on ports '''80''' and '''443''' will be accepted. The '''‘Accept input’''' indicates the action (accept). The slider on the right side shows that the rule is enabled.


In this scenario, only the host 138.199.19.170 will be able to access the WebUI of the router via it’s public IP. Similarly, if the port is set to 22 instead of 80 and 443, the remote host would be able to connect to the device via SSH, but not WebUI.
In this scenario, only the host '''84.xxx.xxx.xxx''' will be able to access the WebUI of the router via it’s public IP. Similarly, if the port is set to 22 instead of 80 and 443, the remote host would be able to connect to the device via SSH, but not WebUI.


===Block LAN network from accessing WAN on selected ports.===
===Block LAN network from accessing WAN on selected ports.===