RUT850 Firewall: Difference between revisions

5,169 bytes removed ,  17 December 2018
Line 288: Line 288:




{| class="wikitable"
<table class="nd-mantable">
|+
    <tr>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
        <th>field name</th>
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
      <th>value</th>
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
      <th>description</th>
|-
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
      <td>Enable</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Turns the rule ON or OFF
      <td>yes {{!}} no; Default: '''no'''</td>
|-
      <td>Turns the rule ON or OFF</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The name of the rule. This is used for easier management purposes
      <td>Name</td>
|-
      <td>string; Default: " "</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Restrict to address family
      <td>The name of the rule. This is used for easier management purposes</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | IPv4 and IPv6 {{!}} IPv4 only {{!}} IPv6 only; Default: '''IPv4 and IPv6'''
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name of the rule, used purely for easier management purposes
    <tr>
|-
    <td>Restrict to address family</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Protocol
        <td>IPv4 and IPv6 {{!}} IPv4 only {{!}} IPv6 only; Default: '''IPv4 and IPv6'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TCP+UDP {{!}} TCP {{!}} UDP {{!}} ICMP {{!}} -- custom --; Default: '''TCP+UDP'''
        <td>Name of the rule, used purely for easier management purposes</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies to which protocols the rule should apply
    </tr>
|-
    <tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source zone
    <td>Protocol</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | <span style="background:#9DB6BA"> gre: gre tunnel </span> <span style="background:#FD9589"> hotspot: </span> {{!}} <span style="background:#CEF58F"> l2tp: l2tp </span> {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span> {{!}} <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}} <span style="background:#D0E1EF"> wan: ppp </span> {{!}}  <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> wan: ppp </span>'''
        <td>TCP+UDP {{!}} TCP {{!}} UDP {{!}} ICMP {{!}} -- custom --; Default: '''TCP+UDP'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the external zone, i.e., the zone from which the third party connection will come
        <td>Specifies to which protocols the rule should apply</td>
|-
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source MAC address
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | mac; Default: " "
      <td>Source zone</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the mac address of the external host, i.e., the rule will apply only to hosts that have the MAC addresses specified in this field <br>
      <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  {{!}} <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> wan: ppp </span>'''</td>
|-
      <td>Specifies the external zone, i.e., the zone from which the third party connection will come</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source IP address
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the IP address or range of IPs of the external host, i.e., the rule will apply only to hosts that have the IP addresses specified in this field
      <td>Source MAC address</td>
|-
      <td>mac; Default: " "</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source port
      <td>Specifies the mac address of the external host, i.e., the rule will apply only to hosts that have the MAC addresses specified in this field <br> </td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the port or range of ports that the external host host will using as their source, i.e., the rule will apply only to hosts that use source ports specified in this field
    <tr>
|-
    <td>Source IP address</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | External IP address
        <td>ip; Default: " "</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip {{!}} ip/netmask {{!}} ANY; Default: '''ANY'''
        <td>Specifies the IP address or range of IPs of the external host, i.e., the rule will apply only to hosts that have the IP addresses specified in this field</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the external IP address or range of external IPs of the local host, i.e., the rule will apply only to the external IP addresses specified in this field
    </tr>
|-
    <tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | External port
    <td>Source port</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
        <td>integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the external port, i.e., the port from which the third party is connecting
        <td>Specifies the port or range of ports that the external host host will using as their source, i.e., the rule will apply only to hosts that use source ports specified in this field</td>
|-
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Destination zone
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | <span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> lan: lan </span>'''
      <td>External IP address</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Match forwarded traffic to the given destination zone only
      <td>ip {{!}} ip/netmask {{!}} ANY; Default: '''ANY'''</td>
|-
      <td>Specifies the external IP address or range of external IPs of the local host, i.e., the rule will apply only to the external IP addresses specified in this field</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Destination address
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" |  Match forwarded traffic to the given destination IP address or IP range only
      <td>External port</td>
|-
      <td>integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Destination port
      <td>Specifies the external port, i.e., the port from which the third party is connecting</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
    </tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Match forwarded traffic to the given destination port or port range only
    <tr>
|-
    <td>Destination zone</td>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action
        <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  | <span style="background:#FD9589"> hotspot: </span>  {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> lan: lan </span>'''</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Drop {{!}} Accept {{!}} Reject {{!}} Don't track; Default: '''no'''
        <td>Match forwarded traffic to the given destination zone only</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action to be taken on the packet if it matches the rule. You can also define additional options like limiting packet volume, and defining to which chain the rule belongs.
    </tr>
    <tr>
    <td>Destination address</td>
        <td>ip; Default: " "</td>
        <td>Match forwarded traffic to the given destination IP address or IP range only</td>
    </tr>
    <tr>
    <td>Destination port</td>
        <td>integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "</td>
        <td>Match forwarded traffic to the given destination port or port range only</td>
    </tr>
    <tr>
      <td>Action</td>
      <td>Drop {{!}} Accept {{!}} Reject {{!}} Don't track; Default: '''no'''</td>
      <td>Action to be taken on the packet if it matches the rule. You can also define additional options like limiting packet volume, and defining to which chain the rule belongs.


'''Don't track''' - connections with the specified parameters will not be monitored by the Firewall, i.e., no other Firewall rules will be applied to the specified configuration  
'''Don't track''' - connections with the specified parameters will not be monitored by the Firewall, i.e., no other Firewall rules will be applied to the specified configuration </td>
|-
    </tr>
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Extra arguments
    <tr>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
    <td>Extra arguments</td>
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Adds extra options (specified in this field) to the rule
        <td>string; Default: " "</td>
|-
        <td>Adds extra options (specified in this field) to the rule</td>
|}
    </tr>
</table>


===Open Ports On Router===
===Open Ports On Router===
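Review bot: the "Restrict to address family" row in the new HTML table still carries the description "Name of the rule, used purely for easier management purposes", copied unchanged from the old wikitable; it should describe the IPv4/IPv6 restriction instead. The "Action" row lists Drop, Accept, Reject and Don't track but gives "Default: '''no'''", which is not one of the listed values, so a reader cannot tell what a rule with the default action does to matching traffic; state the actual default. The "Source port" description still reads "the external host host will using". The "Source zone" and "Destination zone" cells mix a bare "|" with "{{!}}" as the separator after "gre: gre tunnel"; inside a <td> the "{{!}}" escape is no longer needed, so use one form throughout. The Source zone default is labelled "wan: ppp" but keeps the #DDDDDD background that the value list assigns to "lan: lan", not the #D0E1EF used for wan.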