Changes

Template:Networking rutos manual firewall (view source)

Revision as of 14:41, 5 January 2024

4 bytes added ,  5 January
no edit summary
Line 476: Line 476:  
     <td><span style="color:blue">Mark</span>: Set Target value</td>
 
     <td><span style="color:blue">Mark</span>: Set Target value</td>
 
         <td>hex; default: <b>none</b></td>
 
         <td>hex; default: <b>none</b></td>
         <td>If specified, target traffic against the given firewall mark, e.g. 0xFF to target mark 255 or 0x0/0x1 to target any even mark value.</td>
+
         <td>If specified, target traffic against the given firewall mark, e.g. FF or ff to target mark 255.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
Line 491: Line 491:  
     <td><span style="color:blue">Mark</span>: Set Match value</td>
 
     <td><span style="color:blue">Mark</span>: Set Match value</td>
 
         <td>hex; default: <b>none</b></td>
 
         <td>hex; default: <b>none</b></td>
         <td>If specified, match traffic against the given firewall mark, e.g. 0xFF to match mark 255 or 0x0/0x1 to match any even mark value.</td>
+
         <td>If specified, match traffic against the given firewall mark, e.g. FF or ff to match mark 255.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
Line 537: Line 537:  
     <td>Time in UTC</td>
 
     <td>Time in UTC</td>
 
         <td>off | on; default: <b>no</b></td>
 
         <td>off | on; default: <b>no</b></td>
         <td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the Services → [[{{{name}}} NTP|NTP]] page will be used.</td>
+
         <td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the System → Administration → [[{{{name}}}_Administration#NTP|NTP]] page will be used.</td>
 
     </tr>
 
     </tr>
 
</table>
 
</table>
Line 784: Line 784:  
     <td>Time in UTC</td>
 
     <td>Time in UTC</td>
 
         <td>off | on; default: <b>no</b></td>
 
         <td>off | on; default: <b>no</b></td>
         <td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the Services → [[{{{name}}} NTP|NTP]] page will be used.</td>
+
         <td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the System → Administration → [[{{{name}}}_Administration#NTP|NTP]] page will be used.</td>
 
     </tr>
 
     </tr>
 
</table>
 
</table>
Line 974: Line 974:  
Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. The Port Scan section provides you with the possibility to enable protection against port scanning software. The Defending Type section provides the possibility for the user to enable protections from certain types of online attacks. These include <b>SYN-FIN</b>, <b>SYN-RST</b>, <b>X-Mas</b>, <b>FIN scan</b> and <b>NULLflags</b> attacks.
 
Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. The Port Scan section provides you with the possibility to enable protection against port scanning software. The Defending Type section provides the possibility for the user to enable protections from certain types of online attacks. These include <b>SYN-FIN</b>, <b>SYN-RST</b>, <b>X-Mas</b>, <b>FIN scan</b> and <b>NULLflags</b> attacks.
   −
[[File:Networking_rutos_manual_firewall_attack_prevention_port_scan.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_firewall_attack_prevention_port_scan_v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 989: Line 989:  
     <tr>
 
     <tr>
 
     <td>Scan count</td>
 
     <td>Scan count</td>
         <td>integer [5..65534]; default: <b>5</b></td>
+
         <td>integer [5..10000]; default: <b>none</b></td>
 
         <td>How many port scans before blocked.</td>
 
         <td>How many port scans before blocked.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
       <td>Interval</td>
 
       <td>Interval</td>
       <td>integer [10..60]; default: <b>10</b></td>
+
       <td>integer [10..4096]; default: <b>none</b></td>
 
       <td>Time interval in seconds in which port scans are counted.</td>
 
       <td>Time interval in seconds in which port scans are counted.</td>
 
     </tr>
 
     </tr>
Line 1,044: Line 1,044:  
The <b>DMZ</b> is a security concept. It comprises the separation of the LAN-side network into at least two networks: the user LAN and the DMZ. Generally the DMZ is imprisoned: only access to certain ports from the Internet are allowed into the DMZ, while the DMZ is not allowed to establish new connections to the WAN-side or LAN-side networks. That way, if a server inside of the DMZ is hacked the potential damage that can be done remains restricted! The whole point of the DMZ is to cleanly create a unique firewall rule set that dramatically restricts access in to, and out of the, DMZ.
 
The <b>DMZ</b> is a security concept. It comprises the separation of the LAN-side network into at least two networks: the user LAN and the DMZ. Generally the DMZ is imprisoned: only access to certain ports from the Internet are allowed into the DMZ, while the DMZ is not allowed to establish new connections to the WAN-side or LAN-side networks. That way, if a server inside of the DMZ is hacked the potential damage that can be done remains restricted! The whole point of the DMZ is to cleanly create a unique firewall rule set that dramatically restricts access in to, and out of the, DMZ.
   −
[[File:Networking rutos manual network firewall dmz.png|border|class=tlt-border]]
+
[[File:Networking rutos manual network firewall dmz_v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/117007...118270"

Navigation menu