
Template:Networking rutos manual firewall: Difference between revisions

No edit summary
No edit summary
Line 405: Line 405:
     <tr>
     <tr>
     <td>Protocol</td>
     <td>Protocol</td>
         <td>TCP | UDP | <span style="color:red">ICMP</span> | All | +Add new; default: <b>depends on the rule</b></td>
         <td><span style="color:blue">TCP</span> | <span style="color:blue">UDP</span> | <span style="color:red">ICMP</span> | All | +Add new; default: <b>depends on the rule</b></td>
         <td>Only match traffic using the given internet communication protocol.
         <td>Only match traffic using the given internet communication protocol.
           <ul>
           <ul>
               <li>Possible variants:</li>
               Possible variants:
               <li><b>TCP:</b> used by most applications (e.g., web browsing, file downloads, games)</li>
               <li><b>TCP:</b> used by most applications (e.g., web browsing, file downloads, games)</li>
               <li><b>UDP:</b> used by real-time applications that can accept packet loss (e.g., voice calls, video streaming)</li>
               <li><b>UDP:</b> used by real-time applications that can accept packet loss (e.g., voice calls, video streaming)</li>
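Review bot: the change from `<li>Possible variants:</li>` to bare `Possible variants:` leaves text as a direct child of `<ul>`, which is not valid HTML (a `<ul>` may contain only `<li>` children); browsers tolerate it but render the indent inconsistently, and a tidy pass may relocate it. Either keep the `<li>` or move the intro sentence before the `<ul>`, e.g. `Only match traffic using the given internet communication protocol. Possible variants:` followed by the list. The same pattern is repeated in every hunk below that touches a Possible variants line. The new blue colour on TCP and UDP is only meaningful together with the blue Source port and Destination port labels further down; a short sentence here saying that the port fields apply only to these two protocols would make that link explicit rather than colour-only.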
Line 419: Line 419:
     <tr>
     <tr>
         <td><span style="color:red"> Match ICMP type</span></td>
         <td><span style="color:red"> Match ICMP type</span></td>
         <td>Any | ICMP-type | + Add new; default: '''none'''</td>
         <td>Any | ICMP-type (list) | + Add new; default: <b>Any</b></td>
         <td>Allows matching specific ICMP types.</td>
         <td>Only match traffic having the given ICMP type.</td>
     </tr>
     </tr>
     <tr>
     <tr>
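Review bot: replacing the wikitext `'''none'''` with `<b>Any</b>` removes mixed wiki/HTML markup inside an HTML cell and makes the stated default an option that actually appears in the cell's list, which is an improvement. The new description `Only match traffic having the given ICMP type.` should also state that the field is only relevant when Protocol is set to ICMP, since the red colouring on both labels is currently the only cue tying them together.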
Line 432: Line 432:
         <td>Only match traffic coming from the given network address.
         <td>Only match traffic coming from the given network address.
           <ul>
           <ul>
               <li>Possible variants:</li>
               Possible variants:
               <li><b>Any:</b> Match everything</li>
               <li><b>Any:</b> Match everything</li>
               <li><b>IP address:</b> 192.168.1.1</li>
               <li><b>IP address:</b> 192.168.1.1</li>
Line 443: Line 443:
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Source port</td>
         <td><span style="color:blue">Source port</span></td>
         <td>FTP data (20) {{!}} FTP cmd (21) {{!}} SSH (22) {{!}} Old SMTP (25) {{!}} DNS (53) {{!}} HTTP (80) {{!}} NTP (123) {{!}} BGP (179) {{!}} HTTPS (443) {{!}} ISAKMP (500) {{!}} Modern SMTP (587) {{!}} RDP (3389) {{!}} + Add new; default: <b>Any</b></td>
         <td>FTP data (20) {{!}} FTP cmd (21) {{!}} SSH (22) {{!}} Old SMTP (25) {{!}} DNS (53) {{!}} HTTP (80) {{!}} NTP (123) {{!}} BGP (179) {{!}} HTTPS (443) {{!}} ISAKMP (500) {{!}} Modern SMTP (587) {{!}} RDP (3389) {{!}} + Add new; default: <b>Any</b></td>
         <td>Only match traffic coming from the given port.
         <td>Only match traffic coming from the given port.
           <ul>
           <ul>
               <li>Possible variants:</li>
               Possible variants:
               <li><b>Any:</b> Match everything</li>
               <li><b>Any:</b> Match everything</li>
               <li><b>Port:</b> 422</li>
               <li><b>Port:</b> 422</li>
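Review bot: the label is now blue to match TCP and UDP in the Protocol row, but the description `Only match traffic coming from the given port.` still does not say that the field applies only when Protocol is TCP or UDP (ICMP and "All" have no port to match). Add that sentence so the dependency is carried by text and not by colour alone; the same applies to the Destination port row below.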
Line 465: Line 465:
         <td>Only match traffic being forwarded to the given network address.
         <td>Only match traffic being forwarded to the given network address.
           <ul>
           <ul>
               <li>Possible variants:</li>
               Possible variants:
               <li><b>Any:</b> Match everything</li>
               <li><b>Any:</b> Match everything</li>
               <li><b>IP address:</b> 192.168.1.1</li>
               <li><b>IP address:</b> 192.168.1.1</li>
Line 476: Line 476:
     </tr>
     </tr>
     <tr>
     <tr>
     <td>Destination port</td>
     <td><span style="color:blue">Destination port</span></td>
         <td>FTP data (20) {{!}} FTP cmd (21) {{!}} SSH (22) {{!}} Old SMTP (25) {{!}} DNS (53) {{!}} HTTP (80) {{!}} NTP (123) {{!}} BGP (179) {{!}} HTTPS (443) {{!}} ISAKMP (500) {{!}} Modern SMTP (587) {{!}} RDP (3389) {{!}} + Add new; default: <b>Any</b></td>
         <td>FTP data (20) {{!}} FTP cmd (21) {{!}} SSH (22) {{!}} Old SMTP (25) {{!}} DNS (53) {{!}} HTTP (80) {{!}} NTP (123) {{!}} BGP (179) {{!}} HTTPS (443) {{!}} ISAKMP (500) {{!}} Modern SMTP (587) {{!}} RDP (3389) {{!}} + Add new; default: <b>Any</b></td>
         <td>Only match traffic being forwarded to the given port.
         <td>Only match traffic being forwarded to the given port.
           <ul>
           <ul>
               <li>Possible variants:</li>
               Possible variants:
               <li><b>Any:</b> Match everything</li>
               <li><b>Any:</b> Match everything</li>
               <li><b>Port:</b> 422</li>
               <li><b>Port:</b> 422</li>
Line 490: Line 490:
     <tr>
     <tr>
     <td>Action</td>
     <td>Action</td>
         <td>Drop | Accept | Reject | Don't track | <span style="color:green">Change DSCP</span> | <span style="color:blue">Mark</span> | <span style="color:red">Change TTL</span>; default: <b>Accept</b></td>
         <td>Drop | Accept | Reject | Do not track | <span style="color:green">Change DSCP</span> | <span style="color:olive">Mark</span> | <span style="color:red">Change TTL</span>; default: <b>Accept</b></td>
         <td>Take given action when traffic matches all conditions.
         <td>Take given action when traffic matches all conditions.
             <ul>
             <ul>
                Possible variants:
                 <li><b>Accept</b> – packet gets to continue to the next chain.</li>
                 <li><b>Accept</b> – packet gets to continue to the next chain.</li>
                 <li><b>Drop</b> – packet is stopped and deleted.</li>
                 <li><b>Drop</b> – packet is stopped and deleted.</li>
                 <li><b>Reject</b> – packet is stopped, deleted and, differently from Drop, an ICMP packet containing a message of rejection is sent to the source from which the dropped packet came.</li>
                 <li><b>Reject</b> – packet is stopped, deleted and, differently from Drop, an ICMP packet containing a message of rejection is sent to the source from which the dropped packet came.</li>
                 <li><b>Don't track</b> – packet gets excluded from connection tracking (conntrack).</li>
                 <li><b>Do not track</b> – packet gets excluded from connection tracking (conntrack).</li>
                 <li><b>DSCP</b> – packet is marked with specified DiffServ Code Point value.</li>
                 <li><b>DSCP</b> – packet is marked with specified DiffServ Code Point value.</li>
                 <li><b>Mark</b> – packet is marked with specified firewall mark.</li>
                 <li><b>Mark</b> – packet is marked with specified firewall mark.</li>
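Review bot: the option list names the action `Change DSCP` while the list item below describes it as `DSCP`; the two should use the same name so a reader can match them. The `Don't track` to `Do not track` rename is applied consistently in both the options cell and the list item, and switching Mark from blue to olive keeps blue reserved for the TCP/UDP dependency and matches the olive `Mark value` row added later; both fine. The added bare `Possible variants:` line sits directly inside `<ul>` without an `<li>`, which is invalid HTML; place it before the `<ul>` instead. `Change TTL` appears in the options cell but has no list item within this hunk's context; if none exists below, one should be added.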
Line 502: Line 503:
             </ul>
             </ul>
         </td>
         </td>
    </tr>
    <tr>
    <td><span style="color:green">DSCP value</span></td>
        <td>Default {{!}} CS1 {{!}} AF11 {{!}} AF12 {{!}} AF13 {{!}} CS2 {{!}} AF21 {{!}} AF22 {{!}} AF23...; default: <b>Default</b></td>
        <td>DSCP value to use for actions.</td>
    </tr>
    <tr>
    <td><span style="color:olive">Mark value</span></td>
        <td>string; default: <b>empty</b></td>
        <td>Mark value to use for actions.</td>
     </tr>
     </tr>
     <tr>
     <tr>
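Review bot: the new `DSCP value` and `Mark value` rows say the value is "to use for actions" without naming the action that enables them; write `Only shown when Action is set to Change DSCP` and `Only shown when Action is set to Mark` so the green/olive colour coding is not the only link back to the Action row. `Mark value: string; default: empty` gives no format at all; state what the field accepts (a numeric mark, whether hexadecimal is allowed, and whether a mask suffix is accepted) so users do not have to guess. Minor style points: the DSCP option list is elided with `...` rather than listed, and the inserted rows are indented with four spaces where the surrounding rows use five.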