Firewall traffic rules: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 110: Line 110:
*In the action field choose '''‘Drop’'''<br>
*In the action field choose '''‘Drop’'''<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_1-2_v1.png|alt=Firewall traffic rule to deny LAN network configuration|border|class=tlt-border|600x600px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_1-2_v1.png|alt=Firewall traffic rule to deny LAN network configuration|border|class=tlt-border|467x422px]]


Scroll down and press '''‘Save & Apply’'''.
Scroll down and press '''‘Save & Apply’'''.
Line 116: Line 116:
The new rule is created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled.<br>
The new rule is created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_1-3_v1.png||border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_1-3_v1.png||border|class=tlt-border|679x61px]]


Create and configure the second rule to allow the host to access the web server:
Create and configure the second rule to allow the host to access the web server:
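Review bot: The File link for the 1-3 screenshot in this hunk still has an empty first parameter (`.png||border`), so the image of the enabled rule has no alt text, unlike the 1-2 image in the previous hunk. The line is already being touched for the size change, so fill in an alt parameter that describes the enabled deny rule.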
Line 126: Line 126:
*Click '''‘Add’'''.<br>
*Click '''‘Add’'''.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_2-1_v1.png|alt=Firewall traffic rule to allow single host to web server|border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_2-1_v1.png|alt=Firewall traffic rule to allow single host to web server|border|class=tlt-border|694x152px]]


A new window will pop-out where you will be able to specify additional settings.
A new window will pop-out where you will be able to specify additional settings.
Line 137: Line 137:
*In the action field choose '''‘Accept’'''.<br>
*In the action field choose '''‘Accept’'''.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_2-2_v1.png|alt=Firewall traffic rule to allow a single host to web server configuration|border|class=tlt-border|600x600px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_2-2_v1.png|alt=Firewall traffic rule to allow a single host to web server configuration|border|class=tlt-border|473x519px]]




Line 146: Line 146:
The new rule is created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled. In addition, we need to move the second rule and ensure that the second rule is above the first rule.<br>
The new rule is created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled. In addition, we need to move the second rule and ensure that the second rule is above the first rule.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_2-3_v1.png|alt=Firewall two traffic rules to allow only a single host to access web server enabled|border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_2-3_v1.png|alt=Firewall two traffic rules to allow only a single host to access web server enabled|border|class=tlt-border|693x126px]]




Line 160: Line 160:
*Press the '''‘Add’''' button.<br>
*Press the '''‘Add’''' button.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_3-1_v1.png|alt=Firewall traffic rule to open a port of a device||border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_3-1_v1.png|alt=Firewall traffic rule to open a port of a device||border|class=tlt-border|708x155px]]




Line 167: Line 167:
<br>The new rule is created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled.<br>
<br>The new rule is created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_3-2_v1.png|alt=Firewall traffic rule to open a port on a device enabled||border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_3-2_v1.png|alt=Firewall traffic rule to open a port on a device enabled||border|class=tlt-border|677x56px]]


<br>
<br>
Line 184: Line 184:
*Click '''‘Add’.'''<br>
*Click '''‘Add’.'''<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_4-1_v1.png|alt=Firewall traffic rule to deny a single port for LAN network||border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_4-1_v1.png|alt=Firewall traffic rule to deny a single port for LAN network||border|class=tlt-border|697x155px]]


<br>
<br>
Line 193: Line 193:
*In the action field choose '''‘Drop’'''.<br>
*In the action field choose '''‘Drop’'''.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_4-2_v1.png|alt=Firewall traffic rule to deny single port for LAN network configuration|border|class=tlt-border|600x600px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_4-2_v1.png|alt=Firewall traffic rule to deny single port for LAN network configuration|border|class=tlt-border|470x516px]]




Line 208: Line 208:
*Click '''‘Add’.''' <br>
*Click '''‘Add’.''' <br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_5-1_v1.png|alt=Firewall traffic rule to allow a single host on one port|border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_5-1_v1.png|alt=Firewall traffic rule to allow a single host on one port|border|class=tlt-border|696x156px]]


* set the source IP address to the IP address of the host.
* set the source IP address to the IP address of the host.
*In the action field choose '''‘Accept’'''.<br>
*In the action field choose '''‘Accept’'''.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_5-2_v1.png|alt=Firewall traffic rule to allow a single host on one port configuration|border|class=tlt-border|600x600px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_5-2_v1.png|alt=Firewall traffic rule to allow a single host on one port configuration|border|class=tlt-border|470x515px]]




Line 221: Line 221:
The new rules are created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled. These rules indicate that any traffic coming from host '''192.168.11.50''' in the '''LAN''' to port '''5000''' on the device will be accepted. The slider on the right side shows that the rule is enabled. Drag the second rule to be above the first rule, so the traffic from the host is matched against it and is allowed to access the device on port 5000. All other traffic from the local network coming to port 5000 on the router will be dropped because it will match the second rule. For example, if port is set to 53 (a port used by DNS), only this host would be allowed to use DNS service running on the device. Similarly, if the ports are set to 80 and 443, only that specific IP address will be able to access the WebUI of the device.<br>
The new rules are created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled. These rules indicate that any traffic coming from host '''192.168.11.50''' in the '''LAN''' to port '''5000''' on the device will be accepted. The slider on the right side shows that the rule is enabled. Drag the second rule to be above the first rule, so the traffic from the host is matched against it and is allowed to access the device on port 5000. All other traffic from the local network coming to port 5000 on the router will be dropped because it will match the second rule. For example, if port is set to 53 (a port used by DNS), only this host would be allowed to use DNS service running on the device. Similarly, if the ports are set to 80 and 443, only that specific IP address will be able to access the WebUI of the device.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_5-3_v1.png|alt=Firewall two traffic rules to allow only a single host on one port enabled|border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_5-3_v1.png|alt=Firewall two traffic rules to allow only a single host on one port enabled|border|class=tlt-border|692x119px]]




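Review bot: The explanatory paragraph in this hunk uses "the second rule" for two different rules: first for the Accept rule for 192.168.11.50 that has to be dragged up, then for the Drop rule that catches the remaining LAN traffic to port 5000. Only the image size changes here, but this is the step where rule order decides whether the host is allowed or dropped, so name the rules by action (the Accept rule for the host, the Drop rule for the LAN) and state that the Accept rule must sit above the Drop rule. The opening also switches from "The new rules are created" to "verify that the rule is configured".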
Line 233: Line 233:
*In the external port field, enter ports '''80''' and '''443 (HTTP(S))''' so that only the access to the WebUI is allowed. Click '''‘Add’'''.<br>
*In the external port field, enter ports '''80''' and '''443 (HTTP(S))''' so that only the access to the WebUI is allowed. Click '''‘Add’'''.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_6-1_v1.png|alt=Firewall traffic rule to allow web access from WAN|border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_6-1_v1.png|alt=Firewall traffic rule to allow web access from WAN|border|class=tlt-border|708x157px]]




Line 243: Line 243:
*In the action field choose '''‘Accept’'''.<br>
*In the action field choose '''‘Accept’'''.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_6-2_v1.png|alt=Firewall traffic rule to allow web access from WAN configuration|border|class=tlt-border|600x600px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_6-2_v1.png|alt=Firewall traffic rule to allow web access from WAN configuration|border|class=tlt-border|471x517px]]




Line 252: Line 252:
The new rule is created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled.<br>
The new rule is created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_6-3_v1.png|alt=Firewall traffic rule to allow web access from WAN enabled|border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_6-3_v1.png|alt=Firewall traffic rule to allow web access from WAN enabled|border|class=tlt-border|679x54px]]




Line 269: Line 269:




[[File:Networking rutos configuration example firewall traffic rules rutos configuration traffic rule1-10 v1.png|border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_7-1_v1.png|border|class=tlt-border|699x153px]]


<br>
<br>
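Review bot: The replacement link to the 7-1 file has no alt parameter, while every other File link renamed in this change carries one. Add alt text for this screenshot in the same edit that switches it to the new file name.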
Line 277: Line 277:
*In the destination port field enter the range of ports you wish to deny (For example, '''‘1500-1700’'''), or list specific ports by leaving spaces in-between port numbers (For example, '''‘80 443'''’).
*In the destination port field enter the range of ports you wish to deny (For example, '''‘1500-1700’'''), or list specific ports by leaving spaces in-between port numbers (For example, '''‘80 443'''’).
*In the action field choose '''‘Drop’'''.<br>
*In the action field choose '''‘Drop’'''.<br>
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_1-11_v1.png|alt=Firewall traffic rule to block a range of ports|border|class=tlt-border|600x600px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_7-2_v1.png|alt=Firewall traffic rule to block a range of ports|border|class=tlt-border|471x521px]]




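Review bot: In the destination port bullet, the closing quote of the second example sits outside the bold markup ('''‘80 443'''’), unlike '''‘1500-1700’''' earlier on the same line. Move the quote inside the bold so the literal value a reader types into the field is delimited the same way in both examples.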
Line 284: Line 284:
Scroll down and press '''‘Save & Apply’'''.<br>
Scroll down and press '''‘Save & Apply’'''.<br>
The new rule is created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled.<br>
The new rule is created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled.<br>
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_1-12_v1.png|alt=Firewall traffic rule to block a range of ports enabled|border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_7-3_v1.png|alt=Firewall traffic rule to block a range of ports enabled|border|class=tlt-border|677x59px]]


<br>
<br>
Line 296: Line 296:
* Choose '''WAN''' as destination zone.
* Choose '''WAN''' as destination zone.
*Click '''‘Add’'''.<br>
*Click '''‘Add’'''.<br>
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_7-1_v1.png|alt=Firewall traffic rule to block host MAC on certain times|border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_8-1_v1.png|alt=Firewall traffic rule to block host MAC on certain times|border|class=tlt-border|697x150px]]


<br>
<br>
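Review bot: The names 7-1, 7-2 and 7-3 are not new: the old revision used the 7-1 file in this hunk for the MAC time rule, and this change points the port range section (Line 269 onward) at the same names while this section moves to 8-1, 8-2 and 8-3. Confirm that the files at 7-1 to 7-3 were re-uploaded with the port range screenshots, otherwise that section will show the MAC rule images. Any other page that still embeds the old 7-x files needs the same check.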
Line 305: Line 305:
*On weekdays you can choose on which days the rule will apply (The device will not be able to communicate). You can choose days of the month, start and stop times, and other time settings.<br>
*On weekdays you can choose on which days the rule will apply (The device will not be able to communicate). You can choose days of the month, start and stop times, and other time settings.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_7-2_v1.png|alt=Firewall traffic rule to block host MAC on certain times configuration|border|class=tlt-border|600x600px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_8-2_v1.png|alt=Firewall traffic rule to block host MAC on certain times configuration|border|class=tlt-border|418x605px]]




<br>You can specify additional settings as you wish.<br>Scroll down and press '''‘Save & Apply’'''.<br>The new rule is created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled.<br>
<br>You can specify additional settings as you wish.<br>Scroll down and press '''‘Save & Apply’'''.<br>The new rule is created and enabled. To verify, go to the last page in '''‘Traffic rules’''' and verify that the rule is configured correctly and is enabled.<br>


[[File:Networking_rutos_configuration_example_firewall_traffic_rules_7-3_v1.png|alt=Firewall traffic rule to block host MAC on certain times enabled|border|class=tlt-border|800x800px]]
[[File:Networking_rutos_configuration_example_firewall_traffic_rules_8-3_v1.png|alt=Firewall traffic rule to block host MAC on certain times enabled|border|class=tlt-border|683x59px]]




<br>
<br>
This rule indicates that the PC with mac address of '''00:00:5e:xx:xx:xx''' will not be able to send traffic to '''WAN'''. The '''‘Discard forward’''' indicates the action (drop).  The rule does not show the times at which this rule is applied, but the times can be found on the settings page ('''‘Pencil’''' button). This rule will be applied for the first time on the 12th of February, 2023. Then, every Monday, Tuesday, Wednesday, Thursday, and Friday, from 8 AM to 4 PM this PC  will not be able to send traffic to '''WAN'''.
This rule indicates that the PC with mac address of '''00:00:5e:xx:xx:xx''' will not be able to send traffic to '''WAN'''. The '''‘Discard forward’''' indicates the action (drop).  The rule does not show the times at which this rule is applied, but the times can be found on the settings page ('''‘Pencil’''' button). This rule will be applied for the first time on the 12th of February, 2023. Then, every Monday, Tuesday, Wednesday, Thursday, and Friday, from 8 AM to 4 PM this PC  will not be able to send traffic to '''WAN'''.
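Review bot: The closing paragraph says the rule is first applied on the 12th of February, 2023 and then Monday to Friday from 8 AM to 4 PM, but 12 February 2023 was a Sunday, which is outside the weekdays listed. If that date is the configured start date, word it as the start date rather than the first application. "mac address" should also read "MAC address".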