Template:Networking rutos manual firewall: Difference between revisions

Template:Networking rutos manual firewall (view source)

Revision as of 16:20, 4 December 2020

311 bytes removed , 4 December 2020

no edit summary

VisualWikitext

TomasS

0

edits

@@ Line 17: / Line 17: @@
 The <b>General Settings</b> section is used to configure the main policies of the device's firewall. The figure below is an example of the General Settings section and the table below provides information on the fields contained in that section:
-[[File:Networking_rutos_manual_firewall_general_settings_general_settings.png|border|class=tlt-border]]
+[[File:Networking_rutos_manual_firewall_general_settings_general_settings_v2.png|border|class=tlt-border]]
 <table class="nd-mantable">
@@ Line 34: / Line 34: @@
         	<td>off | on; default: <b>off</b></td>
         	<td>If enabled, a "Drop" action will be performed on packets that are determined to be invalid.</td>
+    </tr>
+    <tr>
+      	<td>Automatic helper assignment</td>
+       	<td>off | on; default: <b>on</b></td>
+       	<td>Automatically assigns conntrack helpers based on traffic protocol and port. If turned off, conntrack helpers can be selected for each zone.</td>
      </tr>
      <tr>
@@ Line 118: / Line 123: @@
 ====Zones: Advanced Settings====
 ----
-[[File:Networking_rutos_manual_firewall_general_settings_zones_advanced_settings.png|border|class=tlt-border]]
+[[File:Networking_rutos_manual_firewall_general_settings_zones_advanced_settings_v2.png|border|class=tlt-border]]
 <table class="nd-mantable">
@@ Line 155: / Line 160: @@
          <td>integer/minute; default: <b>none</b></td>
          <td>Limit how many messages can be logged in the span of 1 minute. For example, to log 50 packets per minute use: <i>50/minute</i>.</td>
+    </tr>
+    <tr>
+        <td>Conntrack helpers</td>
+        <td> Amanda backup and archiving proto (AMANDA) | FTP passive connection tracking (FTP) | RAS proto tracking (RAS) | Q.931 proto tracking (Q.931) | IRC DCC connection tracking (IRC) | NetBIOS name service broadcast tracking (NETBIOS-NS) | PPTP VPN connection tracking (PPTP) | SIP VoIP connection tracking (SIP) | SNMP monitoring connection tracking (SNMP) | TFTP connection tracking (TFTP); default: <b>none</b></td>
+        <td><b>This option appears only when automatic helper assignment option in the firewall's general settings is disabled. </b>Explicitly choses allowed connection tracking helpers for zone traffic.</td>
      </tr>
 </table>
@@ Line 944: / Line 954: @@
      </tr>
 </table>
-{{#ifeq: {{{series}}} | RUTX |
-==Helpers==
-The <b>Helpers</b> section provides you with the possibility to add firewall exceptions for some VoIP protocols, namely SIP and H.323. In other words, these functions provide a pass-through for VoIP communications between the device's LAN and WAN.
-<b>Technical explanation:</b>
-FTP, SIP and H.323 protocols are harder to filter by firewalls since they violate layering by introducing OSI layer 3/4 parameters in the OSI layer 7. NAT helpers are modules that are able to assist the firewall in tracking these protocols. These helpers create the so-called expectations that can be used to open necessary ports for RELATED connections. For example, FTP, GRE and PPTP helpers are enabled by default.
-[[File:Networking_rutos_manual_firewall_helpers_nat_helpers.png|border|class=tlt-border]]
-<table class="nd-mantable">
-    <tr>
-        <th>Field</th>
-       	<th>Value</th>
-       	<th>Description</th>
-    </tr>
-    <tr>
-      	<td>H323</td>
-       	<td>off <nowiki>|</nowiki> on; default: <b>off</b></td>
-       	<td>Turns H323 filtering on or off.</td>
-    </tr>
-    <tr>
-      	<td>SIP</td>
-       	<td>off <nowiki>|</nowiki> on; default: <b>off</b></td>
-       	<td>Turns SIP filtering on or off.</td>
-    </tr>
-</table>
-|}}
 [[Category:{{{name}}} Network section]]