Changes

929 bytes added ,  13:59, 16 October 2020
no edit summary
Line 1: Line 1:  +
{{Template: Networking_rutxxx_manual_fw_disclosure
 +
| fw_version = RUT2XX_R_00.01.13
 +
}}
 
==Summary==
 
==Summary==
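Review bot: the new template call at the top of the page hard-codes fw_version = RUT2XX_R_00.01.13, while the last hunk of this same edit switches the category to the {{{name}}} parameter, which suggests the page is meant to be transcluded for more than one device. If so, the firmware version should be passed in as a parameter as well, otherwise every device page will claim the RUT2XX firmware. The explicit "Template:" prefix in the call is also redundant, since a transclusion resolves to the Template namespace by default.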
   Line 49: Line 52:  
----
 
----
 
By enabling '''DMZ''' for a specific internal host (e.g., your computer), you will expose that host and its services to the router’s WAN network (i.e. – the Internet).
 
By enabling '''DMZ''' for a specific internal host (e.g., your computer), you will expose that host and its services to the router’s WAN network (i.e. – the Internet).
      
[[Image:Network firewall general dmz.PNG]]
 
[[Image:Network firewall general dmz.PNG]]
      
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 76: Line 77:  
A zone section groups one or more interfaces and serves as a source or destination for forwardings, rules and redirects. The '''Zone Forwarding''' section allows you to configure these forwardings.
 
A zone section groups one or more interfaces and serves as a source or destination for forwardings, rules and redirects. The '''Zone Forwarding''' section allows you to configure these forwardings.
   −
 
+
[[File:Networking_rut2_manual_firewall_general_settings_zone_forwarding.png|border|class=tlt-border]]
[[Image:Network firewall general zone.PNG]]
  −
 
      
<table class="nd-mantable">
 
<table class="nd-mantable">
 
     <tr>
 
     <tr>
         <th>field name</th>
+
         <th>Field</th>
       <th>value</th>
+
       <th>Value</th>
       <th>description</th>
+
       <th>Description</th>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
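Review bot: the replacement screenshot line ([[File:Networking_rut2_manual_firewall_general_settings_zone_forwarding.png|border|class=tlt-border]]) uses a different link style from the DMZ screenshot left unchanged earlier on the page ([[Image:Network firewall general dmz.PNG]], no border class), so the page now mixes two image conventions. Either convert the remaining images in the same edit or note that they are pending. The header capitalisation (Field, Value, Description) is fine, provided the other nd-mantable tables on the page are changed to match.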
Line 94: Line 93:  
       <td>Destination zones</td>
 
       <td>Destination zones</td>
 
       <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  |  <span style="background:#CEF58F"> l2tp: l2tp </span>  |  <span style="background:#9BEAC3"> pptp: pptp </span>  |  <span style="background:#96EBE8"> vpn: openvpn </span>  |  <span style="background:#D0E1EF"> wan: ppp </span>  |  <span style="background:#DDDDDD"> lan: lan </span></td>
 
       <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  |  <span style="background:#CEF58F"> l2tp: l2tp </span>  |  <span style="background:#9BEAC3"> pptp: pptp </span>  |  <span style="background:#96EBE8"> vpn: openvpn </span>  |  <span style="background:#D0E1EF"> wan: ppp </span>  |  <span style="background:#DDDDDD"> lan: lan </span></td>
       <td>The destination zone to which data packets will be redirected to</td>
+
       <td>The destination zone to which data packets will be redirected to.</td>
 +
    </tr>
 +
    <tr>
 +
        <td>Input</td>
 +
      <td>Reject | Drop | Accept; default: <b>Accept</b></td>
 +
        <td>Default policy for traffic entering the zone.</td>
 +
    </tr>
 +
    <tr>
 +
        <td>Output</td>
 +
      <td>Reject | Drop | Accept; default: <b>Accept</b></td>
 +
        <td>Default policy for traffic originating from and leaving the zone.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
    <td>Default forwarding action</td>
+
        <td>Forward</td>
        <td>Reject | Drop | Accept</td>
+
      <td>Reject | Drop | Accept; default: <b>Accept</b></td>
         <td>Action to be performed with the redirected packets </td>
+
         <td>Default policy for traffic forwarded between the networks belonging to the zone.</td>
 +
    </tr>
 +
    <tr>
 +
        <td>Masquerading</td>
 +
        <td>yes | no; default: <b>no</b></td>
 +
        <td>Turns Masquerading off or on. MASQUERADE is an iptables target that can be used instead of the SNAT (source NAT) target when the external IP of the network interface is not known at the moment of writing the rule (when the interface gets the external IP dynamically).</td>
 
     </tr>
 
     </tr>
 
</table>
 
</table>
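Review bot: the added Input, Output and Forward rows each state "default: Accept" without saying which zone that default belongs to, and the Destination zones row in the same table lists wan alongside lan and the VPN zones. A reader cannot tell from this table whether Accept is also the default on the WAN-facing zone, which is the value that matters most for exposure, so the descriptions should name the zone the default applies to or point to the per-zone defaults. Two smaller points in the same hunk: the Masquerading row gives the values as "yes | no" but the description says "off or on", and it does not say which zone's outgoing traffic is masqueraded; the Destination zones description still reads "to which data packets will be redirected to", where the added full stop was a chance to drop the doubled "to".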
Line 607: Line 621:  
===HTTP Attack Prevention===
 
===HTTP Attack Prevention===
 
----
 
----
 +
 
An HTTP attack sends a complete, legitimate HTTP header, which includes a 'Content-Length' field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/100 seconds.) Due to the entire message being correct and complete, the target server will attempt to obey the 'Content-Length' field in the header, and wait for the entire body of the message to be transmitted, hence slowing it down.
 
An HTTP attack sends a complete, legitimate HTTP header, which includes a 'Content-Length' field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/100 seconds.) Due to the entire message being correct and complete, the target server will attempt to obey the 'Content-Length' field in the header, and wait for the entire body of the message to be transmitted, hence slowing it down.
   Line 785: Line 800:  
</table>
 
</table>
   −
[[Category:RUT230 WebUI]]
+
[[Category:{{{name}}} Network section]]
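Review bot: the new category line depends on the {{{name}}} parameter with no fallback, so when this page is viewed or categorised directly rather than transcluded with name set, it lands in a category literally called "{{{name}}} Network section". Give the parameter a default ({{{name|...}}}) or wrap the category in includeonly so that only transcluding pages are categorised. The edit also drops [[Category:RUT230 WebUI]] without a summary; confirm the RUT230 page still ends up in a WebUI category by some other route.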
