Template:Networking rutos manual firewall: Difference between revisions
Template:Networking rutos manual firewall (view source)
Revision as of 13:41, 5 January 2024
, 5 Januaryno edit summary
No edit summary |
|||
(7 intermediate revisions by 2 users not shown) | |||
Line 476: | Line 476: | ||
<td><span style="color:blue">Mark</span>: Set Target value</td> | <td><span style="color:blue">Mark</span>: Set Target value</td> | ||
<td>hex; default: <b>none</b></td> | <td>hex; default: <b>none</b></td> | ||
<td>If specified, target traffic against the given firewall mark, e.g. | <td>If specified, target traffic against the given firewall mark, e.g. FF or ff to target mark 255.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 491: | Line 491: | ||
<td><span style="color:blue">Mark</span>: Set Match value</td> | <td><span style="color:blue">Mark</span>: Set Match value</td> | ||
<td>hex; default: <b>none</b></td> | <td>hex; default: <b>none</b></td> | ||
<td>If specified, match traffic against the given firewall mark, e.g. | <td>If specified, match traffic against the given firewall mark, e.g. FF or ff to match mark 255.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 537: | Line 537: | ||
<td>Time in UTC</td> | <td>Time in UTC</td> | ||
<td>off | on; default: <b>no</b></td> | <td>off | on; default: <b>no</b></td> | ||
<td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the | <td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the System → Administration → [[{{{name}}}_Administration#NTP|NTP]] page will be used.</td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
Line 784: | Line 784: | ||
<td>Time in UTC</td> | <td>Time in UTC</td> | ||
<td>off | on; default: <b>no</b></td> | <td>off | on; default: <b>no</b></td> | ||
<td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the | <td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the System → Administration → [[{{{name}}}_Administration#NTP|NTP]] page will be used.</td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
Line 939: | Line 939: | ||
In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the perpetrator secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example of man-in-the-middle attacks is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. | In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the perpetrator secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example of man-in-the-middle attacks is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. | ||
[[File: | [[File:Networking_rutos_manual_firewall_attack_prevention_https_attack_prevention_v2.png|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
Line 959: | Line 959: | ||
<tr> | <tr> | ||
<td>Limit</td> | <td>Limit</td> | ||
<td>integer; default: <b> | <td>integer [1..10000]; default: <b>none</b></td> | ||
<td>Maximum HTTPS connections during the set period.</td> | <td>Maximum HTTPS connections during the set period.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Limit burst</td> | <td>Limit burst</td> | ||
<td>integer; default: <b> | <td>integer [1..10000]; default: <b>none</b></td> | ||
<td>Indicates the maximum burst number before the above limit kicks in.</td> | <td>Indicates the maximum burst number before the above limit kicks in.</td> | ||
</tr> | </tr> | ||
Line 974: | Line 974: | ||
Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. The Port Scan section provides you with the possibility to enable protection against port scanning software. The Defending Type section provides the possibility for the user to enable protections from certain types of online attacks. These include <b>SYN-FIN</b>, <b>SYN-RST</b>, <b>X-Mas</b>, <b>FIN scan</b> and <b>NULLflags</b> attacks. | Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. The Port Scan section provides you with the possibility to enable protection against port scanning software. The Defending Type section provides the possibility for the user to enable protections from certain types of online attacks. These include <b>SYN-FIN</b>, <b>SYN-RST</b>, <b>X-Mas</b>, <b>FIN scan</b> and <b>NULLflags</b> attacks. | ||
[[File: | [[File:Networking_rutos_manual_firewall_attack_prevention_port_scan_v2.png|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
Line 989: | Line 989: | ||
<tr> | <tr> | ||
<td>Scan count</td> | <td>Scan count</td> | ||
<td>integer [5.. | <td>integer [5..10000]; default: <b>none</b></td> | ||
<td>How many port scans before blocked.</td> | <td>How many port scans before blocked.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Interval</td> | <td>Interval</td> | ||
<td>integer [10.. | <td>integer [10..4096]; default: <b>none</b></td> | ||
<td>Time interval in seconds in which port scans are counted.</td> | <td>Time interval in seconds in which port scans are counted.</td> | ||
</tr> | </tr> | ||
Line 1,044: | Line 1,044: | ||
The <b>DMZ</b> is a security concept. It comprises the separation of the LAN-side network into at least two networks: the user LAN and the DMZ. Generally the DMZ is imprisoned: only access to certain ports from the Internet are allowed into the DMZ, while the DMZ is not allowed to establish new connections to the WAN-side or LAN-side networks. That way, if a server inside of the DMZ is hacked the potential damage that can be done remains restricted! The whole point of the DMZ is to cleanly create a unique firewall rule set that dramatically restricts access in to, and out of the, DMZ. | The <b>DMZ</b> is a security concept. It comprises the separation of the LAN-side network into at least two networks: the user LAN and the DMZ. Generally the DMZ is imprisoned: only access to certain ports from the Internet are allowed into the DMZ, while the DMZ is not allowed to establish new connections to the WAN-side or LAN-side networks. That way, if a server inside of the DMZ is hacked the potential damage that can be done remains restricted! The whole point of the DMZ is to cleanly create a unique firewall rule set that dramatically restricts access in to, and out of the, DMZ. | ||
[[File:Networking rutos manual network firewall | [[File:Networking rutos manual network firewall dmz_v2.png|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> |