Changes

32,969 bytes removed, 11:46, 7 May 2020
no edit summary
Line 19: Line 19:  
     <tr>
 
     <tr>
 
       <td>Drop invalid packets</td>
 
       <td>Drop invalid packets</td>
       <td>yes {{!}} no; Default: '''no'''</td>
+
       <td>yes | no; Default: '''no'''</td>
 
       <td>A “Drop” action is performed on a packet that is determined to be invalid</td>
 
       <td>A “Drop” action is performed on a packet that is determined to be invalid</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
       <td>Input</td>
 
       <td>Input</td>
       <td>Reject {{!}} Drop {{!}} Accept; Default: '''Accept'''</td>
+
       <td>Reject | Drop | Accept; Default: '''Accept'''</td>
 
       <td>Action<span style="color: #0054A6;">'''*'''</span> that is to be performed for packets that pass through the Input chain</td>
 
       <td>Action<span style="color: #0054A6;">'''*'''</span> that is to be performed for packets that pass through the Input chain</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
     <td>Output</td>
 
     <td>Output</td>
         <td>Reject {{!}} Drop {{!}} Accept; Default: '''Accept'''</td>
+
         <td>Reject | Drop | Accept; Default: '''Accept'''</td>
 
         <td>Action<span style="color: #0054A6;">'''*'''</span> that is to be performed for packets that pass through the Output chain</td>
 
         <td>Action<span style="color: #0054A6;">'''*'''</span> that is to be performed for packets that pass through the Output chain</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
     <td>Forward</td>
 
     <td>Forward</td>
         <td>Reject {{!}} Drop {{!}} Accept; Default: '''Reject'''</td>
+
         <td>Reject | Drop | Accept; Default: '''Reject'''</td>
 
         <td>Action<span style="color: #0054A6;">'''*'''</span> that is to be performed for packets that pass through the Forward chain</td>
 
         <td>Action<span style="color: #0054A6;">'''*'''</span> that is to be performed for packets that pass through the Forward chain</td>
 
     </tr>
 
     </tr>
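Review bot: In the Output and Forward rows the value and description cells sit several spaces deeper than the `<td>Output</td>` and `<td>Forward</td>` name cells, while the Drop invalid packets and Input rows keep all three cells at one depth. Since these value lines are being touched anyway, align the cells inside each `<tr>` so the table source reads uniformly. Replacing `{{!}}` with a literal `|` looks right here, because these cells are already HTML `<td>` elements rather than wikitable cells.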
Line 62: Line 62:  
     <tr>
 
     <tr>
 
       <td>Source zone</td>
 
       <td>Source zone</td>
       <td>yes {{!}} no; Default: '''no'''</td>
+
       <td>yes | no; Default: '''no'''</td>
 
       <td>Toggles DMZ On or Off</td>
 
       <td>Toggles DMZ On or Off</td>
 
     </tr>
 
     </tr>
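Review bot: The row touched here is named `Source zone`, but its value is `yes | no` and its description is "Toggles DMZ On or Off", so the field name does not match what the row documents. The name cell is unchanged context in this hunk, which means the mismatch predates the edit, but it is worth correcting in the same pass: rename the first cell to the label the DMZ section actually shows for this toggle, so a reader does not confuse it with the zone selectors documented further down.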
Line 80: Line 80:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source zone
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | <span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  {{!}} <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}} <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}} <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}} <span style="background:#D0E1EF"> wan: ppp </span>  {{!}} <span style="background:#DDDDDD"> lan: lan </span>
+
      <td>Source zone</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The source zone from which data packets will redirected from
+
      <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  | <span style="background:#CEF58F"> l2tp: l2tp </span>  | <span style="background:#9BEAC3"> pptp: pptp </span>  | <span style="background:#96EBE8"> vpn: openvpn </span>  | <span style="background:#D0E1EF"> wan: ppp </span>  | <span style="background:#DDDDDD"> lan: lan </span></td>
|-
+
      <td>The source zone from which data packets will redirected from</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Destination zones
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | <span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  {{!}} <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}} <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}} <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}} <span style="background:#D0E1EF"> wan: ppp </span>  {{!}} <span style="background:#DDDDDD"> lan: lan </span>
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The destination zone to which data packets will be redirected to
+
      <td>Destination zones</td>
|-
+
      <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  | <span style="background:#CEF58F"> l2tp: l2tp </span>  | <span style="background:#9BEAC3"> pptp: pptp </span>  | <span style="background:#96EBE8"> vpn: openvpn </span>  | <span style="background:#D0E1EF"> wan: ppp </span>  | <span style="background:#DDDDDD"> lan: lan </span></td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Default forwarding action
+
      <td>The destination zone to which data packets will be redirected to</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Reject {{!}} Drop {{!}} Accept
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action to be performed with the redirected packets  
+
    <tr>
|-
+
    <td>Default forwarding action</td>
|}
+
        <td>Reject | Drop | Accept</td>
 +
        <td>Action to be performed with the redirected packets</td>
 +
    </tr>
 +
</table>
    
==Port Forwarding==
 
==Port Forwarding==
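Review bot: The Source zone description is carried into the new `<td>` with its grammar error intact: "The source zone from which data packets will redirected from". Suggest "The source zone from which data packets will be redirected". Two smaller points in the same table: the `hotspot:` entry has no label after the colon, unlike `gre: gre tunnel` and the others, and the Default forwarding action row lists `Reject | Drop | Accept` without a default, although the Input, Output and Forward rows earlier on the page each state one. Please confirm both are intentional.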
Line 113: Line 116:  
[[Image:Network firewall port forwarding new.PNG]]
 
[[Image:Network firewall port forwarding new.PNG]]
   −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
+
      <td>Name</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name of the rule, used purely for easier management purposes
+
      <td>string; Default: " "</td>
|-
+
      <td>Name of the rule, used purely for easier management purposes</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Protocol
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TCP+UDP {{!}} TCP {{!}} UDP {{!}} ICMP {{!}} -- custom --; Default: '''TCP+UDP'''
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Type of protocol of incoming packet
+
      <td>Protocol</td>
|-
+
      <td>TCP+UDP | TCP | UDP | ICMP | -- custom --; Default: '''TCP+UDP'''</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | External port
+
      <td>Type of protocol of incoming packet</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Traffic will be forwarded from this port on the WAN network
+
    <tr>
|-
+
    <td>External port</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Internal IP address
+
        <td>integer [0..65535] | range of integers [0..65534] - [1..65535]; Default: " "</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
+
        <td>Traffic will be forwarded from this port on the WAN network</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The IP address of the internal machine that hosts some service that you want to access from the outside
+
    </tr>
|-
+
    <tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Internal port
+
    <td>Internal IP address</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
+
        <td>ip; Default: " "</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The rule will redirect the traffic to this port on the internal machine
+
        <td>The IP address of the internal machine that hosts some service that you want to access from the outside</td>
|-
+
    </tr>
|}
+
    <tr>
 +
    <td>Internal port</td>
 +
        <td>integer [0..65535] | range of integers [0..65534] - [1..65535]; Default: " "</td>
 +
        <td>The rule will redirect the traffic to this port on the internal machine</td>
 +
    </tr>
 +
</table>
    
Once you have submitted the required information, click the '''Add''' button located in the New Port Forward Rule tab.
 
Once you have submitted the required information, click the '''Add''' button located in the New Port Forward Rule tab.
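Review bot: The value cells for Name, External port, Internal IP address and Internal port all give `Default: " "`, which renders as a quoted space and leaves it unclear whether the field starts empty or holds a literal space character. If the fields are simply empty by default, say so in words (for example "Default: none") in each of these cells. The port cells also document `integer [0..65535]`, so port 0 is listed as valid; worth confirming against the form's actual validation before this goes out.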
Line 151: Line 159:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
+
      <td>Enable</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles a rule ON or OFF
+
      <td>yes | no; Default: '''no'''</td>
|-
+
      <td>Toggles a rule ON or OFF</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The name of the rule. This is used for easier management purposes
+
      <td>Name</td>
|-
+
      <td>string; Default: " "</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Protocol
+
      <td>The name of the rule. This is used for easier management purposes</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TCP+UDP {{!}} TCP {{!}} UDP {{!}} ICMP {{!}} -- custom --; Default: '''TCP+UDP'''
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies to which protocols the rule should apply
+
    <tr>
|-
+
    <td>Protocol</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source zone
+
        <td>TCP+UDP | TCP | UDP | ICMP | -- custom --; Default: '''TCP+UDP'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | <span style="background:#9DB6BA"> gre: gre tunnel </span> |  <span style="background:#FD9589"> hotspot: </span> {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span> {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span> {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span> {{!}}  <span style="background:#D0E1EF"> wan: ppp </span> {{!}}  <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> wan: ppp </span>'''
+
        <td>Specifies to which protocols the rule should apply</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The source zone from which data packets will redirected from
+
    </tr>
|-
+
    <tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source MAC address
+
    <td>Source zone</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | mac; Default: " "
+
        <td> <span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  | <span style="background:#CEF58F"> l2tp: l2tp </span>  |  <span style="background:#9BEAC3"> pptp: pptp </span>  | <span style="background:#96EBE8"> vpn: openvpn </span>  |  <span style="background:#D0E1EF"> wan: ppp </span>  | <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> wan: ppp </span>'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Matches incoming traffic from these MACs only
+
        <td>The source zone from which data packets will redirected from</td>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source IP address
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
+
      <td>Source MAC address</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Matches incoming traffic from this IP or range of IPs only
+
      <td>mac; Default: " "</td>
|-
+
      <td>Matches incoming traffic from these MACs only</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source port
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Matches incoming traffic originating from the given source port or port range on the client host only
+
      <td>Source IP address</td>
|-
+
      <td>ip; Default: " "</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | External IP address
+
      <td>Matches incoming traffic from this IP or range of IPs only</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Matches incoming traffic directed at the given IP address only
+
    <tr>
|-
+
    <td>Source port</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | External port
+
        <td>integer [0..65535] | range of integers [0..65534] - [1..65535]; Default: " "</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
+
        <td>Matches incoming traffic originating from the given source port or port range on the client host only</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the external port, i.e., the port from which the third party is connecting
+
    </tr>
|-
+
    <tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Internal zone
+
    <td>External IP address</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | <span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> lan: lan </span>'''
+
        <td>ip; Default: " "</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the internal zone, i.e., the zone where the incoming connection will be redirected to
+
        <td>Matches incoming traffic directed at the given IP address only</td>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Internal IP address
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
+
      <td>External port</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the internal IP address, i.e., the IP address to which the incoming connection will be redirected to
+
      <td>integer [0..65535] | range of integers [0..65534] - [1..65535]; Default: " "</td>
|-
+
      <td>Specifies the external port, i.e., the port from which the third party is connecting </td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Internal port
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the internal port, i.e., the port to which the incoming connection will be redirected to
+
      <td>Internal zone</td>
|-
+
      <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  | <span style="background:#FD9589"> hotspot: </span>  |  <span style="background:#CEF58F"> l2tp: l2tp </span>  | <span style="background:#9BEAC3"> pptp: pptp </span>  |  <span style="background:#96EBE8"> vpn: openvpn </span>  | <span style="background:#D0E1EF"> wan: ppp </span>  | <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> lan: lan </span>'''</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable NAT loopback
+
      <td>Specifies the internal zone, i.e., the zone where the incoming connection will be redirected to</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | NAT loopback enables your local network (i.e., behind your router/modem) to connect to a forward-facing IP address (such as 208.112.93.73) of a machine that it also on your local network
+
    <tr>
|-
+
    <td>Internal IP address</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Extra arguments
+
        <td>ip; Default: " "</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
+
        <td>Specifies the internal IP address, i.e., the IP address to which the incoming connection will be redirected to</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Passes additional arguments to iptables. '''Use with care!'''
+
    </tr>
|-
+
    <tr>
|}
+
    <td>Internal port</td>
 +
        <td>integer [0..65535] | range of integers [0..65534] - [1..65535]; Default: " "</td>
 +
        <td>Specifies the internal port, i.e., the port to which the incoming connection will be redirected to</td>
 +
    </tr>
 +
    <tr>
 +
      <td>Enable NAT loopback</td>
 +
      <td>yes | no; Default: '''no'''</td>
 +
      <td>NAT loopback enables your local network (i.e., behind your router/modem) to connect to a forward-facing IP address (such as 208.112.93.73) of a machine that it also on your local network</td>
 +
    </tr>
 +
    <tr>
 +
      <td>Extra arguments</td>
 +
      <td>string; Default: " "</td>
 +
      <td>Passes additional arguments to iptables. '''Use with care!'''</td>
 +
    </tr>
 +
</table>
    
==Traffic Rules==
 
==Traffic Rules==
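Review bot: The External port description in the new table, "Specifies the external port, i.e., the port from which the third party is connecting", describes a source port, which contradicts both the Source port row just above it and the Port Forwarding table, where External port is the port on the WAN side that traffic is forwarded from. Suggest wording it as the port on the router that the third party connects to. In the same hunk, the NAT loopback description still reads "of a machine that it also on your local network" ("it" should be "is"), and the Source zone default is shown as `wan: ppp` on the `#DDDDDD` background that the list uses for `lan: lan`, while `wan: ppp` uses `#D0E1EF` in the list itself.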
Line 223: Line 245:       −
{| class="wikitable"
+
<table class="nd-othertables">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th style="width: 250px">FIELD NAME</th>
! style="width: 1450px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th style="width: 1450px">DESCRIPTION</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name of the rule, used purely for easier management purposes
+
      <td>Name</td>
|-
+
      <td>Name of the rule, used purely for easier management purposes</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Protocol
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Type of protocol of incoming packet
+
    <tr>
|-
+
      <td>Protocol</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source
+
      <td>Type of protocol of incoming packet</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The source zone from which data packets will redirected from
+
    </tr>
|-
+
    <tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Destination
+
    <td>Source</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Redirect matched traffic to the given IP address and destination port
+
        <td>The source zone from which data packets will redirected from</td>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action to be performed with the packet if it matches the rule
+
    <td>Destination</td>
|-
+
        <td>Redirect matched traffic to the given IP address and destination port</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles the rule ON or OFF. If unchecked, the rule will not be deleted, but it also will not be loaded into the firewall
+
    <tr>
|-
+
      <td>Action</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Sort
+
      <td>Action to be performed with the packet if it matches the rule</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | When a packet arrives, it gets checked for a matching rule. If there are several matching rules, only the first one is applied, i.e., the order of the rule list impacts how your firewall operates, therefore you are given the ability to sort your list however you deem fit
+
    </tr>
|-
+
    <tr>
|}
+
    <td>Enable</td>
 +
        <td>Toggles the rule ON or OFF. If unchecked, the rule will not be deleted, but it also will not be loaded into the firewall</td>
 +
    </tr>
 +
    <tr>
 +
    <td>Sort</td>
 +
        <td>When a packet arrives, it gets checked for a matching rule. If there are several matching rules, only the first one is applied, i.e., the order of the rule list impacts how your firewall operates, therefore you are given the ability to sort your list however you deem fit</td>
 +
    </tr>
 +
</table>
    
===Traffic Rule Configuration===
 
===Traffic Rule Configuration===
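Review bot: This is the only table in the change converted to `class="nd-othertables"` with inline `style="width: ..."` on the `<th>` cells and upper-case header text, whereas the other tables use `nd-mantable` with plain lower-case `<th>` cells. If that is deliberate because the table has two columns, a short comment in the source would help the next editor; otherwise bring it in line with the others. The Destination description, "Redirect matched traffic to the given IP address and destination port", reads like port-forward wording rather than a traffic rule field, and the Source description repeats "will redirected from".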
Line 259: Line 288:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
+
      <td>Enable</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Turns the rule ON or OFF
+
      <td>yes | no; Default: '''no'''</td>
|-
+
      <td>Turns the rule ON or OFF</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The name of the rule. This is used for easier management purposes
+
      <td>Name</td>
|-
+
      <td>string; Default: " "</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Restrict to address family
+
      <td>The name of the rule. This is used for easier management purposes</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | IPv4 and IPv6 {{!}} IPv4 only {{!}} IPv6 only; Default: '''IPv4 and IPv6'''
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name of the rule, used purely for easier management purposes
+
    <tr>
|-
+
    <td>Restrict to address family</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Protocol
+
        <td>IPv4 and IPv6 | IPv4 only | IPv6 only; Default: '''IPv4 and IPv6'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TCP+UDP {{!}} TCP {{!}} UDP {{!}} ICMP {{!}} -- custom --; Default: '''TCP+UDP'''
+
        <td>Name of the rule, used purely for easier management purposes</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies to which protocols the rule should apply
+
    </tr>
|-
+
    <tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source zone
+
    <td>Protocol</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | <span style="background:#9DB6BA"> gre: gre tunnel </span> <span style="background:#FD9589"> hotspot: </span> {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span> {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span> {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span> {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> wan: ppp </span>'''
+
        <td>TCP+UDP | TCP | UDP | ICMP | -- custom --; Default: '''TCP+UDP'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the external zone, i.e., the zone from which the third party connection will come
+
        <td>Specifies to which protocols the rule should apply</td>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source MAC address
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | mac; Default: " "
+
      <td>Source zone</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the mac address of the external host, i.e., the rule will apply only to hosts that have the MAC addresses specified in this field <br>  
+
      <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  | <span style="background:#FD9589"> hotspot: </span>  |  <span style="background:#CEF58F"> l2tp: l2tp </span>  | <span style="background:#9BEAC3"> pptp: pptp </span>  |  <span style="background:#96EBE8"> vpn: openvpn </span>  |  <span style="background:#D0E1EF"> wan: ppp </span>  | <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> wan: ppp </span>'''</td>
|-
+
      <td>Specifies the external zone, i.e., the zone from which the third party connection will come</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source IP address
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the IP address or range of IPs of the external host, i.e., the rule will apply only to hosts that have the IP addresses specified in this field
+
      <td>Source MAC address</td>
|-
+
      <td>mac; Default: " "</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source port
+
      <td>Specifies the mac address of the external host, i.e., the rule will apply only to hosts that have the MAC addresses specified in this field <br> </td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the port or range of ports that the external host host will using as their source, i.e., the rule will apply only to hosts that use source ports specified in this field
+
    <tr>
|-
+
    <td>Source IP address</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | External IP address
+
        <td>ip; Default: " "</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip {{!}} ip/netmask {{!}} ANY; Default: '''ANY'''
+
        <td>Specifies the IP address or range of IPs of the external host, i.e., the rule will apply only to hosts that have the IP addresses specified in this field</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the external IP address or range of external IPs of the local host, i.e., the rule will apply only to the external IP addresses specified in this field
+
    </tr>
|-
+
    <tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | External port
+
    <td>Source port</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
+
        <td>integer [0..65535] | range of integers [0..65534] - [1..65535]; Default: " "</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the external port, i.e., the port from which the third party is connecting
+
        <td>Specifies the port or range of ports that the external host host will using as their source, i.e., the rule will apply only to hosts that use source ports specified in this field</td>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Destination zone
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | <span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> lan: lan </span>'''
+
      <td>External IP address</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Match forwarded traffic to the given destination zone only
+
      <td>ip | ip/netmask | ANY; Default: '''ANY'''</td>
|-
+
      <td>Specifies the external IP address or range of external IPs of the local host, i.e., the rule will apply only to the external IP addresses specified in this field</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Destination address
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" |  Match forwarded traffic to the given destination IP address or IP range only
+
      <td>External port</td>
|-
+
      <td>integer [0..65535] | range of integers [0..65534] - [1..65535]; Default: " "</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Destination port
+
      <td>Specifies the external port, i.e., the port from which the third party is connecting</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Match forwarded traffic to the given destination port or port range only
+
    <tr>
|-
+
    <td>Destination zone</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action
+
        <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  | <span style="background:#FD9589"> hotspot: </span>  | <span style="background:#CEF58F"> l2tp: l2tp </span>  |  <span style="background:#9BEAC3"> pptp: pptp </span>  | <span style="background:#96EBE8"> vpn: openvpn </span>  |  <span style="background:#D0E1EF"> wan: ppp </span>  | <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> lan: lan </span>'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Drop {{!}} Accept {{!}} Reject {{!}} Don't track; Default: '''no'''
+
        <td>Match forwarded traffic to the given destination zone only</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action to be taken on the packet if it matches the rule. You can also define additional options like limiting packet volume, and defining to which chain the rule belongs.
+
    </tr>
 +
    <tr>
 +
    <td>Destination address</td>
 +
        <td>ip; Default: " "</td>
 +
        <td>Match forwarded traffic to the given destination IP address or IP range only</td>
 +
    </tr>
 +
    <tr>
 +
    <td>Destination port</td>
 +
        <td>integer [0..65535] | range of integers [0..65534] - [1..65535]; Default: " "</td>
 +
        <td>Match forwarded traffic to the given destination port or port range only</td>
 +
    </tr>
 +
    <tr>
 +
      <td>Action</td>
 +
      <td>Drop | Accept | Reject | Don't track; Default: '''no'''</td>
 +
      <td>Action to be taken on the packet if it matches the rule. You can also define additional options like limiting packet volume, and defining to which chain the rule belongs.
   −
'''Don't track''' - connections with the specified parameters will not be monitored by the Firewall, i.e., no other Firewall rules will be applied to the specified configuration  
+
'''Don't track''' - connections with the specified parameters will not be monitored by the Firewall, i.e., no other Firewall rules will be applied to the specified configuration </td>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Extra arguments
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
+
    <td>Extra arguments</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Adds extra options (specified in this field) to the rule
+
        <td>string; Default: " "</td>
|-
+
        <td>Adds extra options (specified in this field) to the rule</td>
|}
+
    </tr>
 +
</table>
    
===Open Ports On Router===
 
===Open Ports On Router===
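Review bot: In the new "Restrict to address family" row, the description cell still reads "Name of the rule, used purely for easier management purposes", which is the Name field's text carried over unchanged from the old wikitable; it should say that the rule matches only the selected address family. Two other carried-over defects in this hunk are worth fixing while the table is being converted: the Action row gives "Default: '''no'''", which is not one of Drop | Accept | Reject | Don't track, and the Source port description keeps "the external host host will using".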
Line 337: Line 381:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | NAME
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
+
      <td>NAME</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The name of the rule. This is used for easier management purposes. The NAME field auto-filled when port numbers are specified, unless the NAME was specified beforehand by the user
+
      <td>string; Default: " "</td>
|-
+
      <td>The name of the rule. This is used for easier management purposes. The NAME field auto-filled when port numbers are specified, unless the NAME was specified beforehand by the user</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | PROTOCOL
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TCP+UDP {{!}} TCP {{!}} UDP {{!}} Other; Default: '''TCP+UDP'''
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies to which protocols the rule should apply  
+
      <td>PROTOCOL</td>
|-
+
      <td>TCP+UDP | TCP | UDP | Other; Default: '''TCP+UDP'''</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | EXTERNAL PORT
+
      <td>Specifies to which protocols the rule should apply </td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "  
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies which port should be opened
+
    <tr>
|-
+
    <td>EXTERNAL PORT</td>
|}
+
        <td>integer [0..65535] | range of integers [0..65534] - [1..65535]; Default: " " </td>
 +
        <td>Specifies which port should be opened</td>
 +
    </tr>
 +
</table>
    
===New Forward Rule===
 
===New Forward Rule===
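Review bot: The EXTERNAL PORT description, "Specifies which port should be opened", does not say on which zone or towards which sources the port is opened, and for a rule that exposes a router port that is the detail a reader needs before applying it. In the NAME row, "The NAME field auto-filled when port numbers are specified" is missing a verb ("is auto-filled"), and the field names here stay in capitals (NAME, PROTOCOL, EXTERNAL PORT) while the other converted tables use title case.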
Line 365: Line 412:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
+
      <td>Name</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name of the rule, used purely for easier management purposes
+
      <td>string; Default: " "</td>
|-
+
      <td>Name of the rule, used purely for easier management purposes</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | GRE {{!}} HOTSPOT {{!}} L2TP {{!}} LAN {{!}} PPTP {{!}} VPN {{!}} WAN; Default: '''LAN'''
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Match incoming traffic from selected address family only
+
      <td>Source</td>
|-
+
      <td>GRE | HOTSPOT | L2TP | LAN | PPTP | VPN | WAN; Default: '''LAN'''</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Destination
+
      <td>Match incoming traffic from selected address family only</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | GRE {{!}} HOTSPOT {{!}} L2TP {{!}} LAN {{!}} PPTP {{!}} VPN {{!}} WAN; Default: '''WAN'''
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Forward incoming traffic to selected address family only
+
    <tr>
|-
+
    <td>Destination</td>
|}
+
        <td>GRE | HOTSPOT | L2TP | LAN | PPTP | VPN | WAN; Default: '''WAN'''</td>
 +
        <td>Forward incoming traffic to selected address family only</td>
 +
    </tr>
 +
</table>
    
===Source NAT===
 
===Source NAT===
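Review bot: The Source and Destination descriptions say "selected address family", but the values in both rows are zones (GRE | HOTSPOT | L2TP | LAN | PPTP | VPN | WAN), not address families. Suggest wording along the lines of "Match incoming traffic from the selected zone only" and "Forward incoming traffic to the selected zone only", so the rows are not confused with the "Restrict to address family" field, whose values are IPv4 and IPv6.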
Line 393: Line 443:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
+
      <td>Name</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name of the rule, used purely for easier management purposes
+
      <td>string; Default: " "</td>
|-
+
      <td>Name of the rule, used purely for easier management purposes</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Protocol
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TCP+UDP {{!}} TCP {{!}} UDP {{!}} Other...; Default: '''TCP+UDP'''
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Protocol of the packet that is being matched against traffic rules
+
      <td>Protocol</td>
|-
+
      <td>TCP+UDP | TCP | UDP | Other...; Default: '''TCP+UDP'''</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source
+
      <td>Protocol of the packet that is being matched against traffic rules</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | GRE {{!}} HOTSPOT {{!}} L2TP {{!}} LAN {{!}} PPTP {{!}} VPN {{!}} WAN; Default: '''LAN'''
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Match incoming traffic from selected address family only
+
    <tr>
|-
+
    <td>Source</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Destination
+
        <td>GRE | HOTSPOT | L2TP | LAN | PPTP | VPN | WAN; Default: '''LAN'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | GRE {{!}} HOTSPOT {{!}} L2TP {{!}} LAN {{!}} PPTP {{!}} VPN {{!}} WAN; Default: '''LAN'''
+
        <td>Match incoming traffic from selected address family only</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Forward incoming traffic to selected address family only
+
    </tr>
|-
+
    <tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | SNAT
+
    <td>Destination</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip and port [0..65535]; Default: " "
+
        <td>GRE | HOTSPOT | L2TP | LAN | PPTP | VPN | WAN; Default: '''LAN'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | SNAT (Source Network Address Translation) rewrites packet's source IP address and port
+
        <td>Forward incoming traffic to selected address family only</td>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
+
    <td>SNAT</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles the rule ON or OFF
+
        <td>ip and port [0..65535]; Default: " "</td>
|-
+
        <td>SNAT (Source Network Address Translation) rewrites packet's source IP address and port</td>
|}
+
    </tr>
 +
    <tr>
 +
    <td>Enable</td>
 +
        <td>yes | no; Default: '''no'''</td>
 +
        <td>Toggles the rule ON or OFF</td>
 +
    </tr>
 +
</table>
    
==Custom Rules==
 
==Custom Rules==
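Review bot: Source and Destination both show "Default: '''LAN'''" in this table, which is worth checking against the WebUI, since the New Forward Rule table lists LAN and WAN as the respective defaults. The same two rows also describe zone values as "selected address family", and the Destination text "Forward incoming traffic to..." reads as copied from the forward rule rather than describing a source NAT match. The SNAT value "ip and port [0..65535]" would be clearer with the expected input format spelled out.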
Line 444: Line 500:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable SYN flood protection
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''yes'''
+
      <td>Enable SYN flood protection</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles the rule ON or OFF
+
      <td>yes | no; Default: '''yes'''</td>
|-
+
      <td>Toggles the rule ON or OFF</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | SYN flood rate
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer; Default: '''25'''
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Set rate limit (packets per second) for SYN packets above which the traffic is considered flooded
+
      <td>SYN flood rate</td>
|-
+
      <td>integer; Default: '''25'''</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | SYN flood burst
+
      <td>Set rate limit (packets per second) for SYN packets above which the traffic is considered flooded</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer; Default: '''50'''
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Set rate limit (packets per second) for SYN packets above which the traffic is considered flooded
+
    <tr>
|-
+
    <td>SYN flood burst</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TCP SYN cookies
+
        <td>integer; Default: '''50'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
+
        <td>Set burst limit for SYN packets above which the traffic is considered flooded if it exceeds the allowed rate</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable the use of SYN cookies (particular choices of initial TCP sequence numbers by TCP servers)
+
    </tr>
|-
+
    <tr>
|}
+
    <td>TCP SYN cookies</td>
 +
        <td>yes | no; Default: '''no'''</td>
 +
        <td>Enable the use of SYN cookies (particular choices of initial TCP sequence numbers by TCP servers)</td>
 +
    </tr>
 +
</table>
    
===Remote ICMP Requests===
 
===Remote ICMP Requests===
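Review bot: The rewritten SYN flood burst description, "Set burst limit for SYN packets above which the traffic is considered flooded if it exceeds the allowed rate", gives no unit, while the rate row states packets per second; say that the burst is a number of packets and how it relates to the rate of 25. The replacement is a content change rather than a markup conversion (the old row repeated the rate text), so it deserves a mention in the edit summary. The TCP SYN cookies row explains what a SYN cookie is but not what switching it on changes for the router.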
Line 473: Line 533:       −
[[Image:Network firewall ddos icmp.PNG]]
+
<table class="nd-mantable">
 
+
    <tr>
 
+
        <th>field name</th>
{| class="wikitable"
+
      <th>value</th>
|+
+
      <th>description</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
    </tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
    <tr>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <td>Enable ICMP requests</td>
|-
+
      <td>yes | no; Default: '''yes'''</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable ICMP requests
+
      <td>Toggles the rule ON or OFF</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''yes'''
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles the rule ON or OFF
+
    <tr>
|-
+
      <td>Enable ICMP limit</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable ICMP requests
+
      <td>yes | no; Default: '''no'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''yes'''
+
      <td>Toggles ICMP echo-request limit in selected period ON or OFF</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles ICMP echo-request limit in selected period ON or OFF
+
    </tr>
|-
+
    <tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Limit period
+
    <td>Limit period</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Second {{!}} Minute {{!}} Hour {{!}} Day; Default: '''Second'''
+
        <td>Second | Minute | Hour | Day; Default: '''Second'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Select ICMP echo-request period limit
+
        <td>Select ICMP echo-request period limit</td>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Limit
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer; Default: '''10'''
+
    <td>Limit</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Maximum ICMP echo-request number during the period
+
        <td>integer; Default: '''10'''</td>
|-
+
        <td>Maximum ICMP echo-request number during the period</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Limit burst
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer; Default: '''5'''
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Indicate the maximum burst before the above limit kicks in
+
    <td>Limit burst</td>
|-
+
        <td>integer; Default: '''5'''</td>
|}
+
        <td>Indicate the maximum burst before the above limit kicks in</td>
 +
    </tr>
 +
</table>
    
===SSH Attack Prevention===
 
===SSH Attack Prevention===
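Review bot: The second row changes meaning inside what is otherwise a markup conversion: the field name goes from "Enable ICMP requests" to "Enable ICMP limit" and its default flips from '''yes''' to '''no'''. The rename fixes an obvious duplicate, but the default should be confirmed against the firmware, because it decides whether echo-request limiting is documented as on or off out of the box. The hunk also drops "[[Image:Network firewall ddos icmp.PNG]]" with no replacement in the visible lines; if that is intentional, note it in the edit summary.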
Line 512: Line 574:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable SSH limit
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''yes'''
+
      <td>Enable SSH limit</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles the rule ON or OFF
+
      <td>yes | no; Default: '''yes'''</td>
|-
+
      <td>Toggles the rule ON or OFF</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Limit period
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Second {{!}} Minute {{!}} Hour {{!}} Day; Default: '''Second'''
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The period in which SSH connections are to be limited
+
      <td>Limit period</td>
|-
+
      <td>Second | Minute | Hour | Day; Default: '''Second'''</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Limit
+
      <td>The period in which SSH connections are to be limited</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer; Default: '''10'''
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Maximum SSH connections during the set period
+
    <tr>
|-
+
    <td>Limit</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Limit burst
+
        <td>integer; Default: '''10'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer; Default: '''5'''
+
        <td>Maximum SSH connections during the set period</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Indicate the maximum burst before the above limit kicks in
+
    </tr>
|-
+
    <tr>
|}
+
    <td>Limit burst</td>
 +
        <td>integer; Default: '''5'''</td>
 +
        <td>Indicate the maximum burst before the above limit kicks in</td>
 +
    </tr>
 +
</table>
    
===HTTP Attack Prevention===
 
===HTTP Attack Prevention===
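Review bot: The Limit burst row carries over the description "Indicate the maximum burst before the above limit kicks in" unchanged, and it still does not say what is counted or what happens to SSH connections once the burst is used up. Since the row is being rewritten anyway, suggest wording it in the same terms as the Limit row ("Maximum SSH connections during the set period"), so the reader can see how the default of 5 relates to the Limit default of 10.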
Line 544: Line 610:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable HTTP limit
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''yes'''
+
      <td>Enable HTTP limit</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles the rule ON or OFF
+
      <td>yes | no; Default: '''yes'''</td>
|-
+
      <td>Toggles the rule ON or OFF</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Limit period
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Second {{!}} Minute {{!}} Hour {{!}} Day; Default: '''Second'''
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The period in which HTTP connections are to be limited
+
      <td>Limit period</td>
|-
+
      <td>Second | Minute | Hour | Day; Default: '''Second'''</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Limit
+
      <td>The period in which HTTP connections are to be limited</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer; Default: '''10'''
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Maximum HTTP connections during the set period
+
    <tr>
|-
+
    <td>Limit</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Limit burst
+
        <td>integer; Default: '''10'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer; Default: '''10'''
+
        <td>Maximum HTTP connections during the set period</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Indicate the maximum burst before the above limit kicks in
+
    </tr>
|-
+
    <tr>
|}
+
    <td>Limit burst</td>
 +
        <td>integer; Default: '''10'''</td>
 +
        <td>Indicate the maximum burst before the above limit kicks in</td>
 +
    </tr>
 +
</table>
    
===HTTPS Attack Prevention===
 
===HTTPS Attack Prevention===
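Review bot: The row labels (Enable HTTP limit, Limit period, Limit, Limit burst) were header cells in the old wikitable (`!`) and become plain `<td>` cells here, so only the top row is still marked up as a header. Unless nd-mantable styles the first column itself, the labels lose their emphasis and are no longer exposed as row headers; consider `<th scope="row">` for the first cell of each row.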
Line 578: Line 648:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable HTTPS limit
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''yes'''
+
      <td>Enable HTTPS limit</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles the rule ON or OFF
+
      <td>yes | no; Default: '''yes'''</td>
|-
+
      <td>Toggles the rule ON or OFF</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Limit period
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Second {{!}} Minute {{!}} Hour {{!}} Day; Default: '''Second'''
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The period in which HTTPS connections are to be limited
+
      <td>Limit period</td>
|-
+
      <td>Second | Minute | Hour | Day; Default: '''Second'''</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Limit
+
      <td>The period in which HTTPS connections are to be limited</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer; Default: '''10'''
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Maximum HTTPS connections during the set period
+
    <tr>
|-
+
    <td>Limit</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Limit burst
+
        <td>integer; Default: '''10'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer; Default: '''10'''
+
        <td>Maximum HTTPS connections during the set period</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Indicate the maximum burst before the above limit kicks in
+
    </tr>
|-
+
    <tr>
|}
+
    <td>Limit burst</td>
 +
        <td>integer; Default: '''10'''</td>
 +
        <td>Indicate the maximum burst before the above limit kicks in</td>
 +
    </tr>
 +
</table>
    
==Port Scan Prevention==
 
==Port Scan Prevention==
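Review bot: Indentation is inconsistent inside the new table: in the Limit and Limit burst rows the first cell (`<td>Limit</td>`, `<td>Limit burst</td>`) sits at four spaces while its sibling cells sit at eight, whereas the Enable HTTPS limit and Limit period rows use six throughout, and the header row mixes eight and six. Suggest normalising every `<th>` and `<td>` to one level under its `<tr>` so the three near-identical limit tables stay easy to compare in later diffs.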
Line 614: Line 688:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''yes'''
+
      <td>Enable</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles the function ON or OFF
+
      <td>yes | no; Default: '''yes'''</td>
|-
+
      <td>Toggles the function ON or OFF</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Interval
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [10..60]; Default: '''30'''
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Time interval in seconds in which port scans are counted
+
      <td>Interval</td>
|-
+
      <td>integer [10..60]; Default: '''30'''</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Scan count
+
      <td>Time interval in seconds in which port scans are counted</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [5..65534]; Default: '''10'''
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | How many port scans before blocked
+
    <tr>
|-
+
    <td>Scan count</td>
|}
+
        <td>integer [5..65534]; Default: '''10'''</td>
 +
        <td>How many port scans before blocked</td>
 +
    </tr>
 +
</table>
    
===Defending Type===
 
===Defending Type===
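Review bot: The Scan count description, "How many port scans before blocked", is a fragment that does not say what gets blocked or for how long, which is what a reader choosing a value in [5..65534] needs to know. Suggest a full sentence that names the Interval it is counted over and what is blocked, matching the device's actual behaviour, and consider putting the unit in the Interval value cell as well as in its description.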
Line 642: Line 719:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | SYN-FIN attack
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
+
      <td>SYN-FIN attack</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles protection from SYN-FIN attacks ON or OFF
+
      <td>yes | no; Default: '''no'''</td>
|-
+
      <td>Toggles protection from SYN-FIN attacks ON or OFF</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | SYN-RST attack
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles protection from SYN-RST attacks ON or OFF
+
      <td>SYN-RST attack</td>
|-
+
      <td>yes | no; Default: '''no'''</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | X-Mas attack
+
      <td>Toggles protection from SYN-RST attacks ON or OFF</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles protection from X-Mas attacks ON or OFF
+
    <tr>
|-
+
    <td>X-Mas attack</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | FIN scan
+
        <td>yes | no; Default: '''no'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
+
        <td>Toggles protection from X-Mas attacks ON or OFF</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles protection from FIN scan attacks ON or OFF
+
    </tr>
|-
+
    <tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | NULLflags attack
+
    <td>FIN scan</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
+
        <td>yes | no; Default: '''no'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles protection from NULLflags attacks ON or OFF
+
        <td>Toggles protection from FIN scan attacks ON or OFF</td>
|-
+
    </tr>
|}
+
    <tr>
 +
    <td>NULLflags attack</td>
 +
        <td>yes | no; Default: '''no'''</td>
 +
        <td>Toggles protection from NULLflags attacks ON or OFF</td>
 +
    </tr>
 +
</table>
    
==Helpers==
 
==Helpers==
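Review bot: Every description in this table only restates its field name ("Toggles protection from SYN-FIN attacks ON or OFF"), so a reader cannot tell which traffic is affected when a toggle that defaults to no is switched on. Suggest adding the TCP flag pattern each row refers to, for example "packets with both SYN and FIN set" for the first row, and stating what the protection does with matching packets. The X-Mas, FIN scan and NULLflags rows also have their first `<td>` at four spaces and the rest at eight.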
Line 683: Line 765:       −
{| class="wikitable"
+
<table class="nd-mantable">
|+
+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
+
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
+
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
+
      <th>description</th>
|-
+
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | H323
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
+
      <td>H323</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles H323 filtering ON or OFF
+
      <td>yes | no; Default: '''no'''</td>
|-
+
      <td>Toggles H323 filtering ON or OFF</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | SIP
+
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
+
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles SIP filtering ON or OFF
+
      <td>SIP</td>
|-
+
      <td>yes | no; Default: '''no'''</td>
|}
+
      <td>Toggles SIP filtering ON or OFF</td>
 +
    </tr>
 +
</table>
 +
 
 +
[[Category:{{{name}}} Network section]]
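Review bot: The added line `[[Category:{{{name}}} Network section]]` uses the template parameter `{{{name}}}` with no default, so wherever this text is rendered without `name` being passed the parameter is not substituted and the category link cannot resolve to a real category. Suggest wrapping the line in `<includeonly>` or guarding it on `name` being set. Separately, the section is headed Helpers while both descriptions say "filtering" ("Toggles H323 filtering ON or OFF"); pick one term so the reader knows whether enabling the option filters the protocol or assists it.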
