Changes

no edit summary
Line 1: Line 1:  
{{Template: Networking_rutos_manual_fw_disclosure
 
{{Template: Networking_rutos_manual_fw_disclosure
| fw_version = {{{series}}}_R_00.07.00
+
| fw_version ={{Template: Networking_rutos_manual_latest_fw
| series    = {{{series}}}
+
| series = {{{series}}}
 +
| name  = {{{name}}}
 +
}}
 
}}
 
}}
{{#ifeq: {{{series}}} | RUT9 |<br><i><b>Note</b>: <b>[[{{{name}}} Firewall (legacy WebUI)|click here]]</b> for the old style WebUI (FW version RUT9XX_R_00.06.08.3 and earlier) user manual page.</i>|}}
+
{{#ifeq: {{{series}}} | RUT9 |<br><i><b>Note</b>: <b>[[{{{name}}} Firewall (legacy WebUI)|click here]]</b> for the old style WebUI (FW version {{Template: Networking_rutos_manual_latest_fw | series = RUT9XX}} and earlier) user manual page.</i>|}}
 +
{{#ifeq: {{{series}}} | RUT2 |<br><i><b>Note</b>: <b>[[{{{name}}} Firewall (legacy WebUI)|click here]]</b> for the old style WebUI (FW version {{Template: Networking_rutos_manual_latest_fw | series = RUT2XX}} and earlier) user manual page.</i>|}}
 
==Summary==
 
==Summary==
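Review bot: In both legacy WebUI notes the cut-off version is now generated by Networking_rutos_manual_latest_fw (series = RUT9XX / RUT2XX), where the old text named RUT9XX_R_00.06.08.3 explicitly. Going by its name, the template returns the latest firmware, so please confirm that it resolves to the last legacy release for those series and will not move when a newer version is published; otherwise keep a literal version in the note. The two #ifeq notes differ only in the series value and could be folded into one conditional.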
   Line 18: Line 21:  
The <b>General Settings</b> section is used to configure the main policies of the device's firewall. The figure below is an example of the General Settings section and the table below provides information on the fields contained in that section:
 
The <b>General Settings</b> section is used to configure the main policies of the device's firewall. The figure below is an example of the General Settings section and the table below provides information on the fields contained in that section:
   −
[[File:Networking_rutos_manual_firewall_general_settings_general_settings_v3.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_firewall_general_settings_general_settings.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 59: Line 62:  
     <li><b>Reject</b> – packet is stopped, deleted and, differently from Drop, a message of rejection is sent to the source from which the packet came.</li>
 
     <li><b>Reject</b> – packet is stopped, deleted and, differently from Drop, a message of rejection is sent to the source from which the packet came.</li>
 
</ul>
 
</ul>
 +
 +
===Routing/NAT Offloading===
 +
----
 +
The <b>Routing/NAT Offloading</b> is used to turns software flow offloading on or off.
 +
 +
The device checks whether the flow (sequence of related packets) is of a received a packed is known. Packets of unknown flow are forwarded to the networking stack. Meanwhile, if the flow is known, NAT is applied (if matched) and the packet is forwarded to the correct destination port. This process is called <b>software flow offloading</b>.
 +
 +
[[File:Networking_rutos_manual_firewall_general_settings_routing_nat_offloading.png|border|class=tlt-border]]
 +
 +
<table class="nd-mantable">
 +
    <tr>
 +
        <th>Field</th>
 +
        <th>Value</th>
 +
        <th>Description</th>
 +
    </tr>
 +
    <tr>
 +
        <td>Software flow offloading</td>
 +
        <td>off {{!}} on; default: <b>off</b></td>
 +
        <td>Turns software flow offloading on or off.</td>
 +
    </tr>
 +
</table>
    
===Zones===
 
===Zones===
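Review bot: The two added description sentences need a language pass: "is used to turns" should read "is used to turn", and "whether the flow (sequence of related packets) is of a received a packed is known" does not parse; "whether the flow (sequence of related packets) of a received packet is known" seems to be what is meant. The text contrasts unknown flows, which are forwarded to the networking stack, with known flows, which get NAT applied and are forwarded directly. It would help to add whether zone and traffic rules are still evaluated for packets of an already known flow, so readers understand what enabling the option means for filtering.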
Line 240: Line 264:  
You will be redirected to that rule's configuration page:
 
You will be redirected to that rule's configuration page:
   −
[[File:Networking_rutos_manual_firewall_port_forwards_configuration_mobile_{{{mobile}}}_dualsim_{{{dualsim}}}_wired_{{{wired}}}.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_firewall_port_forwards_configuration.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
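Review bot: The port forward configuration screenshot was previously selected per device variant through the mobile, dualsim and wired parameters and is now a single fixed file. Confirm that Networking_rutos_manual_firewall_port_forwards_configuration.png shows only fields present on every device that uses this template, or keep the parameterized file name.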
Line 271: Line 295:  
         <td>Source MAC address</td>
 
         <td>Source MAC address</td>
 
         <td>mac; default: <b>none</b></td>
 
         <td>mac; default: <b>none</b></td>
         <td>MAC address(es) of connecting hosts.<br>The rule will apply only to hosts that match MAC addresses specified in this field. Leave empty to make the rule skip MAC address matching.</td>
+
         <td>MAC address of connecting hosts.<br>The rule will apply only to hosts that match MAC addresses specified in this field. Leave empty to make the rule skip MAC address matching.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
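Review bot: The description now opens with the singular "MAC address of connecting hosts", but the following sentence still says "match MAC addresses specified in this field", so the cell no longer makes clear whether the field accepts one address or several. Make both sentences agree with what the field actually takes.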
Line 359: Line 383:  
     <tr>
 
     <tr>
 
     <td>Protocol</td>
 
     <td>Protocol</td>
         <td>TCP+UDP | TCP | UDP | ICMP | -- custom --; default: <b>TCP+UDP</b></td>
+
         <td>TCP+UDP | TCP | UDP | <span style="color:red">ICMP</span> | -- custom --; default: <b>TCP+UDP</b></td>
 
         <td>Specifies to which protocols the rule should apply.</td>
 
         <td>Specifies to which protocols the rule should apply.</td>
 +
    </tr>
 +
    <tr>
 +
        <td><span style="color:red"> Match ICMP type</span></td>
 +
        <td>-- Custom -- | Any | ICMP-type; default: '''none'''</td>
 +
        <td>Allows matching specific ICMP types.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
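Review bot: In the new "Match ICMP type" row the default is given as none, which is not one of the listed values (-- Custom -- | Any | ICMP-type); state which option is actually preselected. The row also uses wiki bold ('''none''') where the rest of the table uses <b>, and the red spans on ICMP and Match ICMP type are not explained. If they mean the field is only shown when Protocol is set to ICMP, say so in the description.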
Line 925: Line 954:     
The <b>Custom rules</b> tab provides you with the possibility to execute <b>iptables</b> commands which are not otherwise covered by the device's firewall framework. The commands are executed after each firewall restart, right after the default rule set has been loaded.
 
The <b>Custom rules</b> tab provides you with the possibility to execute <b>iptables</b> commands which are not otherwise covered by the device's firewall framework. The commands are executed after each firewall restart, right after the default rule set has been loaded.
 +
 +
<b>Note: </b> Custom rules are not recommended to be used with <i>hostnames</i>. The rules will not remain active after reboot due to security reasons.
    
The figure below is an example of the Custom rules tab:
 
The figure below is an example of the Custom rules tab:
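Review bot: The added note leaves open which rules "will not remain active after reboot": only those that contain hostnames, or all custom rules. Read as the latter, it contradicts the paragraph above, which says the commands are executed after each firewall restart. Suggest tying the second sentence to hostnames explicitly, for example "Rules that contain hostnames will not remain active after reboot", and naming the security reason if it can be stated.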
