Changes

916 bytes added ,  13:59, 16 October 2020
no edit summary
Line 1: Line 1:  +
{{Template: Networking_rutxxx_manual_fw_disclosure
 +
| fw_version = RUT2XX_R_00.01.13
 +
}}
 
==Summary==
 
==Summary==
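Review bot: The added `fw_version = RUT2XX_R_00.01.13` at the top of the page is hard-coded to the RUT2XX family, while the category line changed at the end of this same edit is parameterised with `{{{name}}}`. If this page is meant to be transcluded for more than one device, pass the firmware version in as a parameter too, so the disclosure banner cannot name firmware that does not match the manual the reader is in. The edit also carries no summary; one line saying that the firmware disclosure and the zone table were updated would make the history easier to audit.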
   Line 74: Line 77:  
A zone section groups one or more interfaces and serves as a source or destination for forwardings, rules and redirects. The '''Zone Forwarding''' section allows you to configure these forwardings.
 
A zone section groups one or more interfaces and serves as a source or destination for forwardings, rules and redirects. The '''Zone Forwarding''' section allows you to configure these forwardings.
   −
 
+
[[File:Networking_rut2_manual_firewall_general_settings_zone_forwarding.png|border|class=tlt-border]]
[[Image:Network firewall general zone.PNG]]
  −
 
      
<table class="nd-mantable">
 
<table class="nd-mantable">
 
     <tr>
 
     <tr>
         <th>field name</th>
+
         <th>Field</th>
       <th>value</th>
+
       <th>Value</th>
       <th>description</th>
+
       <th>Description</th>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
Line 92: Line 93:  
       <td>Destination zones</td>
 
       <td>Destination zones</td>
 
       <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  |  <span style="background:#CEF58F"> l2tp: l2tp </span>  |  <span style="background:#9BEAC3"> pptp: pptp </span>  |  <span style="background:#96EBE8"> vpn: openvpn </span>  |  <span style="background:#D0E1EF"> wan: ppp </span>  |  <span style="background:#DDDDDD"> lan: lan </span></td>
 
       <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  |  <span style="background:#CEF58F"> l2tp: l2tp </span>  |  <span style="background:#9BEAC3"> pptp: pptp </span>  |  <span style="background:#96EBE8"> vpn: openvpn </span>  |  <span style="background:#D0E1EF"> wan: ppp </span>  |  <span style="background:#DDDDDD"> lan: lan </span></td>
       <td>The destination zone to which data packets will be redirected to</td>
+
       <td>The destination zone to which data packets will be redirected to.</td>
 +
    </tr>
 +
    <tr>
 +
        <td>Input</td>
 +
      <td>Reject | Drop | Accept; default: <b>Accept</b></td>
 +
        <td>Default policy for traffic entering the zone.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
    <td>Default forwarding action</td>
+
        <td>Output</td>
         <td>Reject | Drop | Accept</td>
+
      <td>Reject | Drop | Accept; default: <b>Accept</b></td>
         <td>Action to be performed with the redirected packets </td>
+
        <td>Default policy for traffic originating from and leaving the zone.</td>
 +
    </tr>
 +
    <tr>
 +
         <td>Forward</td>
 +
      <td>Reject | Drop | Accept; default: <b>Accept</b></td>
 +
         <td>Default policy for traffic forwarded between the networks belonging to the zone.</td>
 +
    </tr>
 +
    <tr>
 +
        <td>Masquerading</td>
 +
        <td>yes | no; default: <b>no</b></td>
 +
        <td>Turns Masquerading off or on. MASQUERADE is an iptables target that can be used instead of the SNAT (source NAT) target when the external IP of the network interface is not known at the moment of writing the rule (when the interface gets the external IP dynamically).</td>
 
     </tr>
 
     </tr>
 
</table>
 
</table>
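Review bot: The new `Forward` row does not replace what the removed `Default forwarding action` row documented. The old row covered the action applied to packets sent on to the selected destination zones, while the new one covers traffic "between the networks belonging to the zone". After this change the table no longer says which setting governs traffic forwarded to the destination zones, so add that to the `Destination zones` row. The `Input`, `Output` and `Forward` rows all state `default: <b>Accept</b>` without naming the zone the default applies to; since `wan` is among the listed zones, say whether that default holds for every zone, because a reader hardening the device needs to know it. The `Masquerading` description explains the iptables target but not what enabling it does to traffic leaving this zone. The retained wording "to which data packets will be redirected to" still repeats "to".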
Line 109: Line 125:     
===New Port Forward Rule===
 
===New Port Forward Rule===
----
   
----
 
----
 
If none of the default rules suit your purposes, you can create custom rules using the '''New Port Forward Rule''' tab.
 
If none of the default rules suit your purposes, you can create custom rules using the '''New Port Forward Rule''' tab.
Line 151: Line 166:     
====Port Forward Rule Configuration====
 
====Port Forward Rule Configuration====
----
   
----
 
----
 
To configure a Port Forward rule, click the '''Edit''' button located next to it. Below is a continuation of the previous New Port Forward Rule example, where we look at the configuration of the newly created rule.
 
To configure a Port Forward rule, click the '''Edit''' button located next to it. Below is a continuation of the previous New Port Forward Rule example, where we look at the configuration of the newly created rule.
Line 607: Line 621:  
===HTTP Attack Prevention===
 
===HTTP Attack Prevention===
 
----
 
----
----
+
 
 
An HTTP attack sends a complete, legitimate HTTP header, which includes a 'Content-Length' field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/100 seconds.) Due to the entire message being correct and complete, the target server will attempt to obey the 'Content-Length' field in the header, and wait for the entire body of the message to be transmitted, hence slowing it down.
 
An HTTP attack sends a complete, legitimate HTTP header, which includes a 'Content-Length' field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/100 seconds.) Due to the entire message being correct and complete, the target server will attempt to obey the 'Content-Length' field in the header, and wait for the entire body of the message to be transmitted, hence slowing it down.
   Line 786: Line 800:  
</table>
 
</table>
   −
[[Category:RUT230 WebUI]]
+
[[Category:{{{name}}} Network section]]
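Review bot: `[[Category:{{{name}}} Network section]]` uses a template parameter with no default, so it only resolves when the page is transcluded with `name` set. Viewed directly, the parameter stays unexpanded and the page ends up without a valid category. Wrap the category link in `<includeonly>` so it applies only on transclusion, and confirm that the RUT230 page that relied on the removed `[[Category:RUT230 WebUI]]` passes `name`, otherwise it drops out of its category listing.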
