Template:Networking rutos manual firewall

The <b>Traffic rules</b> tab is used to set firewall rules that filter traffic moving through the device. The figure below is an example of the Traffic rules table:

[[File:Networking_rutos_manual_firewall_traffic_rules.png|border|class=tlt-border]]


===Traffic rules configuration===

In order to begin editing a traffic rule, click the button that looks like a pencil [[File:Networking_rutx_trb14x_manual_edit_button_v1.png|20px]] next to it:

[[File:Networking_rutos_manual_firewall_traffic_rules_edit_button.png|border|class=tlt-border]]

You will be redirected to that rule's configuration page:

[[File:Networking_rutos_manual_firewall_traffic_rules_configuration_mobile_{{{mobile}}}_dualsim_{{{dualsim}}}_wired_{{{wired}}}.png|border|class=tlt-border]]

<table class="nd-mantable">
    <tr>
      <td>Enable</td>
      <td>off | on; default: <b>on</b></td>
      <td>Turns the rule on or off.</td>
    </tr>
    <tr>
      <td>Name</td>
      <td>string; default: <b>none</b></td>
      <td>Name of the rule. This is used for easier management purposes.</td>
    </tr>
    <tr>
      <td>Restrict to address family</td>
      <td>IPv4 and IPv6 | IPv4 only | IPv6 only; default: <b>IPv4 and IPv6</b></td>
      <td>IP address family to which the rule applies.</td>
    </tr>
    <tr>
    <td>Protocol</td>
        <td>TCP+UDP | TCP | UDP | ICMP | -- custom --; default: <b>TCP+UDP</b></td>
        <td>Specifies to which protocols the rule should apply.</td>
    </tr>
    <tr>
    <td>Destination zone</td>
        <td>firewall zone; default: <b>Device (input)</b></td>
        <td>Target zone of the incoming connection. <b>Device (input)</b> matches traffic addressed to the device itself rather than traffic forwarded through it.</td>
    </tr>
    <tr>
    <td>Destination address</td>
        <td>ip | ip/netmask; default: <b>any</b></td>
        <td>Target IP address or network segment of the incoming connection.</td>
    </tr>
    <tr>
    <td>Destination port</td>
        <td>integer [0..65535] | range of integers [0..65534] - [1..65535]; default: <b>none</b></td>
        <td>Target port or range of ports of the incoming connection.</td>
    </tr>
    <tr>
    <td>Action</td>
        <td>DROP | ACCEPT | REJECT; default: <b>ACCEPT</b></td>
        <td>Action that is to be taken when a packet meets the MATCH conditions.</td>
    </tr>
    <tr>
    <td>Extra arguments</td>
        <td>string; default: <b>none</b></td>
        <td>Adds extra iptables options to the rule. The string is passed to iptables as is, so only valid iptables syntax works here.</td>
    </tr>
    <tr>
    <td>Week days</td>
        <td>days of the week [Sunday..Saturday]; default: <b>none</b></td>
        <td>Specifies on which days of the week the rule is valid.</td>
    </tr>
    <tr>
    <td>Month days</td>
        <td>days of the month [1..31]; default: <b>none</b></td>
        <td>Specifies on which days of the month the rule is valid.</td>
    </tr>
    <tr>
    <td>Start Time (hh:mm:ss)</td>
        <td>time [0..23:0..59:0..59]; default: <b>none</b></td>
        <td>Indicates the beginning of the time period during which the rule is valid.</td>
    </tr>
    <tr>
    <td>Stop Time (hh:mm:ss)</td>
        <td>time [0..23:0..59:0..59]; default: <b>none</b></td>
        <td>Indicates the end of the time period during which the rule is valid.</td>
    </tr>
    <tr>
    <td>Start Date (yyyy-mm-dd)</td>
        <td>date [0000..9999:1..12:1..31]; default: <b>none</b></td>
        <td>Indicates the first day of the date range during which the rule is valid.</td>
    </tr>
    <tr>
    <td>Stop Date (yyyy-mm-dd)</td>
        <td>date [0000..9999:1..12:1..31]; default: <b>none</b></td>
        <td>Indicates the last day of the date range during which the rule is valid.</td>
    </tr>
    <tr>
    <td>Time in UTC</td>
        <td>yes | no; default: <b>no</b></td>
        <td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the <b>[[{{{name}}} NTP|NTP]]</b> section will be used.</td>
    </tr>
</table>
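The fields in the table above are the same switches a rule ends up with in the device's firewall configuration. The following is an added example, not code from the RutOS manual or from Teltonika: a Python helper that validates the form fields against the ranges given in the table and renders them as an OpenWrt/fw3 <code>config rule</code> stanza. It assumes that RutOS is OpenWrt-based and that the form maps onto the fw3 rule options (<code>enabled</code>, <code>name</code>, <code>family</code>, <code>proto</code>, <code>src</code>, <code>src_ip</code>, <code>dest</code>, <code>dest_ip</code>, <code>dest_port</code>, <code>target</code>, <code>extra</code>, <code>weekdays</code>, <code>monthdays</code>, <code>start_time</code>, <code>stop_time</code>, <code>start_date</code>, <code>stop_date</code>, <code>utc_time</code>); the <code>Source zone</code> and <code>Source address</code> fields are taken from that model and are not part of the excerpt above, and the 203.0.113.0/24 prefix in the sample rule is a constructed documentation address.

```python
"""Validate 'Traffic rules' form fields against the table's ranges and render
them as an OpenWrt/fw3 'config rule' stanza.

Added example, not code from the RutOS manual or Teltonika. ASSUMPTIONS: RutOS is
OpenWrt-based and the form maps onto fw3 rule options (enabled, name, family,
proto, src, src_ip, dest, dest_ip, dest_port, target, extra, weekdays, monthdays,
start_time, stop_time, start_date, stop_date, utc_time); 'Source zone' and
'Source address' come from that model, not from the excerpt above.
"""
import ipaddress
import re
from datetime import date, time

ACTIONS = ("DROP", "ACCEPT", "REJECT")
FAMILIES = {"IPv4 and IPv6": "any", "IPv4 only": "ipv4", "IPv6 only": "ipv6"}
PROTOCOLS = {"TCP+UDP": "tcp udp", "TCP": "tcp", "UDP": "udp", "ICMP": "icmp"}
WEEKDAYS = ("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday")
_PORT = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")


def parse_port(value):
    """Single port [0..65535] or 'low-high' with low < high, per the table."""
    m = _PORT.match(value.strip())
    if not m:
        raise ValueError(f"bad port spec {value!r}")
    lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
    if not (0 <= lo <= 65535 and hi <= 65535):
        raise ValueError(f"port out of range in {value!r}")
    if m.group(2) and lo >= hi:
        raise ValueError(f"range must be low-high in {value!r}")
    return f"{lo}-{hi}" if m.group(2) else str(lo)


def parse_address(value):
    """'any' -> None (option omitted); otherwise a validated ip or ip/netmask."""
    value = value.strip()
    if value.lower() in ("", "any"):
        return None
    return str(ipaddress.ip_network(value, strict=False))


def parse_hms(value):
    h, m, s = (int(x) for x in value.split(":"))
    return time(h, m, s).strftime("%H:%M:%S")  # rejects 24:00:00, 12:60:00, ...


def traffic_rule_to_uci(f):
    """f maps the form field names used in the table to their string values."""
    action = f.get("Action", "ACCEPT")
    if action not in ACTIONS:
        raise ValueError(f"Action must be one of {ACTIONS}")
    opts = [("enabled", "1" if f.get("Enable", "on") == "on" else "0"),
            ("name", f["Name"])]
    fam = FAMILIES[f.get("Restrict to address family", "IPv4 and IPv6")]
    if fam != "any":
        opts.append(("family", fam))
    label = f.get("Protocol", "TCP+UDP")
    proto = PROTOCOLS.get(label, label)      # '-- custom --': value passed through
    opts += [("proto", proto), ("src", f["Source zone"])]
    src_ip = parse_address(f.get("Source address", "any"))
    if src_ip:
        opts.append(("src_ip", src_ip))
    # 'Device (input)' is traffic addressed to the device itself; fw3 expresses
    # that by omitting 'dest', which places the rule in the INPUT chain.
    if f.get("Destination zone", "Device (input)") != "Device (input)":
        opts.append(("dest", f["Destination zone"]))
    dest_ip = parse_address(f.get("Destination address", "any"))
    if dest_ip:
        opts.append(("dest_ip", dest_ip))
    if f.get("Destination port"):
        if proto == "icmp":
            raise ValueError("ICMP has no ports; clear Destination port")
        opts.append(("dest_port", parse_port(f["Destination port"])))
    opts.append(("target", action))
    if f.get("Extra arguments"):            # handed to iptables verbatim
        opts.append(("extra", f["Extra arguments"]))
    # Schedule fields become an iptables '-m time' match underneath.
    if f.get("Week days"):
        days = [d.strip() for d in f["Week days"].split(",")]
        if not set(days) <= set(WEEKDAYS):
            raise ValueError(f"unknown weekday in {days}")
        opts.append(("weekdays", " ".join(d[:3] for d in days)))  # fw3 takes Mon Tue ...
    if f.get("Month days"):
        mdays = [int(d) for d in f["Month days"].split(",")]
        if not all(1 <= d <= 31 for d in mdays):
            raise ValueError("Month days must be within 1..31")
        opts.append(("monthdays", " ".join(map(str, mdays))))
    for field, opt in (("Start Time", "start_time"), ("Stop Time", "stop_time")):
        if f.get(field):
            opts.append((opt, parse_hms(f[field])))
    dates = {opt: date.fromisoformat(f[field]) for field, opt in
             (("Start Date", "start_date"), ("Stop Date", "stop_date")) if f.get(field)}
    if len(dates) == 2 and dates["start_date"] > dates["stop_date"]:
        raise ValueError("Start Date is after Stop Date")
    opts += [(k, v.isoformat()) for k, v in dates.items()]
    opts.append(("utc_time", "1" if f.get("Time in UTC", "no") == "yes" else "0"))
    return "config rule\n" + "".join(f"\toption {k} '{v}'\n" for k, v in opts)


# Same service, two rule shapes: open to anyone at any time, versus scoped by
# source prefix, address family and schedule (203.0.113.0/24 is constructed).
WEAK_SSH = {"Name": "Allow-SSH", "Protocol": "TCP", "Source zone": "wan",
            "Destination port": "22"}
SCOPED_SSH = {"Name": "Allow-SSH-ops", "Protocol": "TCP", "Source zone": "wan",
              "Restrict to address family": "IPv4 only",
              "Source address": "203.0.113.0/24", "Destination port": "22",
              "Week days": "Monday,Tuesday,Wednesday,Thursday,Friday",
              "Start Time": "08:00:00", "Stop Time": "18:00:00", "Time in UTC": "yes",
              "Extra arguments": "-m limit --limit 6/min --limit-burst 10"}

if __name__ == "__main__":
    print(traffic_rule_to_uci(WEAK_SSH))
    print(traffic_rule_to_uci(SCOPED_SSH))
```

Running the script prints both stanzas side by side: the first accepts SSH from the whole WAN zone at any time, the second narrows the same service to one source prefix, one address family and working hours, with a rate limit supplied through the extra-arguments field. Because that field is handed to iptables unchanged, a typo in it is only caught when the firewall is reloaded, so check the result on the device rather than trusting the form.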


 
===Open ports on device===
----
The <b>Open ports on device</b> section provides a quick way to set simple rules that allow traffic on specified ports of the device. The figure below is an example of the Open ports on device section and the table below provides information on the fields contained in that section:

[[File:Networking_rutos_manual_firewall_traffic_rules_open_ports_on_router.png|border|class=tlt-border]]

<table class="nd-mantable">
    <tr>
      <td>Name</td>
      <td>string; default: <b>none</b></td>
      <td>The name of the rule. This is used for easier management purposes.<br>The name field is filled automatically when port numbers are specified, unless the name was specified beforehand by the user.</td>
    </tr>
    <tr>
    <td>Protocol</td>
        <td>TCP+UDP | TCP | UDP | Other; default: <b>TCP+UDP</b></td>
        <td>Specifies to which protocols the rule should apply.</td>
    </tr>
    <tr>
    <td>External port</td>
        <td>integer [0..65535] | range of integers [0..65534] - [1..65535]; default: <b>none</b></td>
        <td>Specifies which port(s) should be opened.</td>
    </tr>
Line 502: Line 501:
    <tr>
      <td>Name</td>
      <td>string; default: <b>none</b></td>
      <td>The name of the rule. This is used for easier management purposes.</td>
    </tr>
    <tr>
    <td>Source zone</td>
        <td>firewall zone; default: <b>wan</b></td>
        <td>The zone from which traffic has originated.</td>
    </tr>
    <tr>
    <td>Destination zone</td>
        <td>firewall zone; default: <b>lan</b></td>
        <td>The zone to which traffic is forwarded.</td>
    </tr>
Line 540: Line 539:
    <tr>
      <td>Name</td>
      <td>string; default: <b>none</b></td>
      <td>The name of the rule. This is used for easier management purposes.</td>
    </tr>
    <tr>
    <td>Source zone</td>
        <td>firewall zone; default: <b>lan</b></td>
        <td>The zone from which traffic has originated.</td>
    </tr>
    <tr>
    <td>Destination zone</td>
        <td>firewall zone; default: <b>wan</b></td>
        <td>The zone to which traffic is forwarded.</td>
    </tr>
    <tr>
    <td>To source IP</td>
        <td>ip | do not rewrite; default: <b>Do not rewrite</b></td>
        <td>Changes the source IP in the packet header to the value specified in this field.</td>
    </tr>
    <tr>
    <td>To source port</td>
        <td>integer [0..65535] | do not rewrite; default: <b>Do not rewrite</b></td>
        <td>Changes the source port in the packet header to the value specified in this field.</td>
    </tr>