Line 291: |
Line 291: |
| <tr> | | <tr> |
| <td>Protocol</td> | | <td>Protocol</td> |
− | <td>TCP+UDP | TCP | UDP | Other; default: <b>TCP+UDP</b></td> | + | <td>TCP+UDP | TCP | UDP | All | + Add new; default: <b>TCP+UDP</b></td> |
| <td>Specifies to which protocols the rule should apply.</td> | | <td>Specifies to which protocols the rule should apply.</td> |
| </tr> | | </tr> |
Line 377: |
Line 377: |
| You will be redirected to that rule's configuration page: | | You will be redirected to that rule's configuration page: |
| | | |
− | [[File:Networking_rutos_manual_firewall_traffic_rules_configuration_v1.png|border|class=tlt-border]] | + | ====General settings==== |
− | | + | ---- |
| + | [[File:Networking_rutos_manual_firewall_traffic_rules_configuration_general_settings.png|border|class=tlt-border]] |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
| <tr> | | <tr> |
Line 394: |
Line 395: |
| <td>string; default <b>none</b></td> | | <td>string; default <b>none</b></td> |
| <td>Name of the rule. This is used for easier management purposes.</td> | | <td>Name of the rule. This is used for easier management purposes.</td> |
− | </tr>
| |
− | <tr>
| |
− | <td>Restrict to address family</td>
| |
− | <td>IPv4 and IPv6 | IPv4 only | IPv6 only; default: <b>IPv4 and IPv6</b></td>
| |
− | <td>IP address family to which the rule will apply to.</td>
| |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>Protocol</td> | | <td>Protocol</td> |
− | <td>Any | TCP+UDP | TCP | UDP | <span style="color:red">ICMP</span>; default: <b>TCP+UDP</b></td> | + | <td>TCP | UDP | All | +Add new |<span style="color:red">ICMP</span>; default: <b>depends on the rule</b></td> |
| <td>Specifies to which protocols the rule should apply.</td> | | <td>Specifies to which protocols the rule should apply.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td><span style="color:red"> Match ICMP type</span></td> | | <td><span style="color:red"> Match ICMP type</span></td> |
− | <td> Any | ICMP-type | + Add new; default: '''none'''</td> | + | <td>Any | ICMP-type | + Add new; default: '''none'''</td> |
| <td>Allows matching specific ICMP types.</td> | | <td>Allows matching specific ICMP types.</td> |
| </tr> | | </tr> |
Line 416: |
Line 412: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Source MAC address</td> | + | <td>Source IP address</td> |
− | <td>mac; default: <b>none</b></td>
| |
− | <td>MAC address(es) of connecting hosts.<br>The rule will apply only to hosts that match MAC addresses specified in this field. Leave empty to make the rule skip MAC address matching.</td>
| |
− | </tr>
| |
− | <tr>
| |
− | <td>Source address</td>
| |
| <td>ip | ip/netmask; default: <b>any</b></td> | | <td>ip | ip/netmask; default: <b>any</b></td> |
| <td>IP address or network segment used by connecting hosts.<br>The rule will apply only to hosts that connect from IP addresses specified in this field.<br>To specify a network segment instead of one IP address, add a forward slash followed by the netmask length after the network indication (for example, <i>10.0.0.0/8</i>).</td> | | <td>IP address or network segment used by connecting hosts.<br>The rule will apply only to hosts that connect from IP addresses specified in this field.<br>To specify a network segment instead of one IP address, add a forward slash followed by the netmask length after the network indication (for example, <i>10.0.0.0/8</i>).</td> |
Line 459: |
Line 450: |
| </td> | | </td> |
| </tr> | | </tr> |
| + | </table> |
| + | |
| + | ====Advanced settings==== |
| + | ---- |
| + | [[File:Networking_rutos_manual_firewall_traffic_rules_configuration_advanced_settings.png|border|class=tlt-border]] |
| + | <table class="nd-mantable"> |
| <tr> | | <tr> |
| + | <td>Restrict to address family</td> |
| + | <td>IPv4 and IPv6 | IPv4 only | IPv6 only; default: <b>IPv4 and IPv6</b></td> |
| + | <td>IP address family to which the rule will apply to.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Source MAC address</td> |
| + | <td>mac; default: <b>none</b></td> |
| + | <td>MAC address(es) of connecting hosts.<br>The rule will apply only to hosts that match MAC addresses specified in this field. Leave empty to make the rule skip MAC address matching.</td> |
| + | </tr> |
| + | <tr> |
| <td><span style="color:green">DSCP</span>: Set Target value</td> | | <td><span style="color:green">DSCP</span>: Set Target value</td> |
| <td>Default | DSCP values; default: <b>Default</b></td> | | <td>Default | DSCP values; default: <b>Default</b></td> |
Line 470: |
Line 477: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Action</td> | + | <td>Match</td> |
| <td><span style="color:green">DSCP</span> | <span style="color:blue">Mark</span>; default: <b>none</b></td> | | <td><span style="color:green">DSCP</span> | <span style="color:blue">Mark</span>; default: <b>none</b></td> |
| <td>Match traffic against the given DSCP value or firewall mark</td> | | <td>Match traffic against the given DSCP value or firewall mark</td> |
Line 489: |
Line 496: |
| <td>Adds extra .iptables options to the rule.</td> | | <td>Adds extra .iptables options to the rule.</td> |
| </tr> | | </tr> |
| + | </table> |
| + | |
| + | ====Time restrictions==== |
| + | ---- |
| + | [[File:Networking_rutos_manual_firewall_traffic_rules_configuration_time_restrictions.png|border|class=tlt-border]] |
| + | <table class="nd-mantable"> |
| <tr> | | <tr> |
| <td>Week days</td> | | <td>Week days</td> |