Template:Networking rutos manual firewall: Difference between revisions
Revision as of 10:43, 24 November 2022
Gytispieze (talk | contribs) No edit summary |
Line 241: | Line 241: | ||
<tr> | <tr> | ||
<td>External port</td> | <td>External port</td> | ||
<td>integer [0..65535] | range of integers [0..65534] - [1..65535]; default: <b>none</b></td> | <td>integer [0..65535] | range of integers [0..65534] - [1..65535] | port inversion [!0..!65535]; default: <b>none</b></td> | ||
<td>The port number to which hosts will be connecting.<td> | <td>The port number to which hosts will be connecting.<td> | ||
</tr> | </tr> | ||
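Review bot: The description cell of the edited External port row still ends with an opening <td> rather than </td> ("...hosts will be connecting.<td>"), so the row keeps an unclosed cell. Since the row is being touched anyway, close it with </td>, and add a sentence saying what the ! prefix does in this field, because the value column now lists port inversion and the description does not explain it.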
Line 251: | Line 251: | ||
<tr> | <tr> | ||
<td>Internal port</td> | <td>Internal port</td> | ||
<td>integer [0..65535] | range of integers [0..65534] - [1..65535]; default: <b>none</b></td> | <td>integer [0..65535] | range of integers [0..65534] - [1..65535] | port inversion [!0..!65535]; default: <b>none</b></td> | ||
<td>The port number to which the incoming connection will be redirected.</td> | <td>The port number to which the incoming connection will be redirected.</td> | ||
</tr> | </tr> | ||
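Review bot: Port inversion is added to Internal port, but this field is a redirect target ("The port number to which the incoming connection will be redirected"), and a negated value does not name a port to redirect to. Please confirm that the field really accepts the ! form. If it does not, drop "port inversion [!0..!65535]" from this row; if it does, the description needs to say what the redirect does with such a value.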
Line 304: | Line 304: | ||
<tr> | <tr> | ||
<td>Source port</td> | <td>Source port</td> | ||
<td>integer [0..65535] | range of integers [0..65534] - [1..65535]; default: <b>none</b></td> | <td>integer [0..65535] | range of integers [0..65534] - [1..65535] | port inversion [!0..!65535]; default: <b>none</b></td> | ||
<td>Port number(s) used by the connecting host.<br>The rule will match the source port used by the connecting host with the port number(s) specified in this field. Leave empty to make the rule skip source port matching.<td> | <td>Port number(s) used by the connecting host.<br>The rule will match the source port used by the connecting host with the port number(s) specified in this field. Leave empty to make the rule skip source port matching.<td> | ||
</tr> | </tr> | ||
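Review bot: The Source port description keeps "Leave empty to make the rule skip source port matching" but says nothing about the new ! form, while the Source port row in the hunk at line 408 gains a sentence about negation. Add the same explanation here so that the two Source port rows agree. The description cell also closes with <td> instead of </td>.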
Line 314: | Line 314: | ||
<tr> | <tr> | ||
<td>External port</td> | <td>External port</td> | ||
<td>integer [0..65535] | range of integers [0..65534] - [1..65535]; default: <b>none</b></td> | <td>integer [0..65535] | range of integers [0..65534] - [1..65535] | port inversion [!0..!65535]; default: <b>none</b></td> | ||
<td>Port number(s) to which hosts will be connecting.<br>The rule will apply only to hosts that connect to the port number(s) specified in this field. Leave empty to make the rule skip external port matching.<td> | <td>Port number(s) to which hosts will be connecting.<br>The rule will apply only to hosts that connect to the port number(s) specified in this field. Leave empty to make the rule skip external port matching.<td> | ||
</tr> | </tr> | ||
Line 329: | Line 329: | ||
<tr> | <tr> | ||
<td>Internal port</td> | <td>Internal port</td> | ||
<td>integer [0..65535] | range of integers [0..65534] - [1..65535]; default: <b>none</b></td> | <td>integer [0..65535] | range of integers [0..65534] - [1..65535] | port inversion [!0..!65535]; default: <b>none</b></td> | ||
<td>The port number to which the incoming connection will be redirected.</td> | <td>The port number to which the incoming connection will be redirected.</td> | ||
</tr> | </tr> | ||
Line 358: | Line 358: | ||
You will be redirected to that rule's configuration page: | You will be redirected to that rule's configuration page: | ||
[[File: | [[File:Networking_rutos_manual_firewall_traffic_rules_configuration_v1.png|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
Line 383: | Line 383: | ||
<tr> | <tr> | ||
<td>Protocol</td> | <td>Protocol</td> | ||
<td>TCP+UDP | TCP | UDP | <span style="color:red">ICMP</span> | <td>Any | TCP+UDP | TCP | UDP | <span style="color:red">ICMP</span>; default: <b>TCP+UDP</b></td> | ||
<td>Specifies to which protocols the rule should apply.</td> | <td>Specifies to which protocols the rule should apply.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td><span style="color:red"> Match ICMP type</span></td> | <td><span style="color:red"> Match ICMP type</span></td> | ||
<td> | <td> Any | ICMP-type | + Add new; default: '''none'''</td> | ||
<td>Allows matching specific ICMP types.</td> | <td>Allows matching specific ICMP types.</td> | ||
</tr> | </tr> | ||
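Review bot: The new Match ICMP type value cell writes its default in wiki markup ('''none''') while the other rows of this table, including the Protocol row changed just above it, use <b>...</b>. Use <b>none</b> for consistency, and check that a default of none is correct when the listed choices are Any | ICMP-type | + Add new.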
Line 408: | Line 408: | ||
<tr> | <tr> | ||
<td>Source port</td> | <td>Source port</td> | ||
<td>integer [0..65535] | range of integers [0..65534] - [1..65535]; default: <b>none</b></td> | <td>integer [0..65535] | range of integers [0..65534] - [1..65535] | port inversion [!0..!65535]; default: <b>none</b></td> | ||
<td>Port number(s) used by the connecting host.<br>The rule will match the source port used by the connecting host with the port number(s) specified in this field. Leave empty to make the rule skip source port matching.<td> | <td>Port number(s) used by the connecting host.<br>The rule will match the source port used by the connecting host with the port number(s) specified in this field. Leave empty to make the rule skip source port matching. Port negation using is also available, for ex. <b>!1</b>.<td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
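Review bot: The added sentence "Port negation using is also available, for ex. !1." is missing the word it refers to after "using" (presumably the ! prefix; please confirm). Suggested wording: "A port can be negated with a leading !, e.g. !1." and state in the same sentence what such a rule then matches. The value column calls this "port inversion" and the description "port negation"; pick one term. The cell also still closes with <td> instead of </td>.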
Line 423: | Line 423: | ||
<tr> | <tr> | ||
<td>Destination port</td> | <td>Destination port</td> | ||
<td>integer [0..65535] | range of integers [0..65534] - [1..65535]; default: <b>none</b></td> | <td>integer [0..65535] | range of integers [0..65534] - [1..65535] | port inversion [!0..!65535]; default: <b>none</b></td> | ||
<td>Tagert port or range of ports of the incoming connection.</td> | <td>Tagert port or range of ports of the incoming connection. Port negation using is also available, for ex. <b>!1</b>.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Action</td> | <td>Action</td> | ||
<td>Drop | Accept | Reject | Don't track; default: <b>Accept</b></td> | <td>Drop | Accept | Reject | Don't track | <span style="color:green">DSCP</span> | <span style="color:blue">Mark</span>; default: <b>Accept</b></td> | ||
<td>Action that is to be taken when a packet matches the conditions of the rule. | <td>Action that is to be taken when a packet matches the conditions of the rule. | ||
<ul> | <ul> | ||
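Review bot: The rewritten Destination port description still begins with the typo "Tagert" (Target), and the appended sentence "Port negation using is also available" is missing a word after "using". Fix both in this edit. In the Action row, DSCP and Mark are introduced with green and blue spans; say somewhere in the table what the colours signify, since the rows that depend on them are added further down.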
Line 435: | Line 435: | ||
<li><b>Reject</b> – packet is stopped, deleted and, differently from Drop, an ICMP packet containing a message of rejection is sent to the source from which the dropped packet came.</li> | <li><b>Reject</b> – packet is stopped, deleted and, differently from Drop, an ICMP packet containing a message of rejection is sent to the source from which the dropped packet came.</li> | ||
<li><b>Don't track</b> – packet is no longer tracked as it moves forward.</li> | <li><b>Don't track</b> – packet is no longer tracked as it moves forward.</li> | ||
<li><b>DSCP</b> – packet is marked with specified DiffServ Code Point value.</li> | |||
<li><b>Mark</b> – packet is marked with specified firewall mark..</li> | |||
</ul> | </ul> | ||
</td> | </td> | ||
</tr> | |||
<tr> | |||
<td><span style="color:green">DSCP</span>: Set Target value</td> | |||
<td>Default | DSCP values; default: <b>Default</b></td> | |||
<td>If specified, target traffic against the given firewall DSCP value.</td> | |||
</tr> | |||
<tr> | |||
<td><span style="color:blue">Mark</span>: Set Target value</td> | |||
<td>hex; default: <b>none</b></td> | |||
<td>If specified, target traffic against the given firewall mark, e.g. 0xFF to target mark 255 or 0x0/0x1 to target any even mark value.</td> | |||
</tr> | |||
<tr> | |||
<td>Action</td> | |||
<td><span style="color:green">DSCP</span> | <span style="color:blue">Mark</span>; default: <b>none</b></td> | |||
<td>Match traffic against the given DSCP value or firewall mark</td> | |||
</tr> | |||
<tr> | |||
<td><span style="color:green">DSCP</span>: Set Match value</td> | |||
<td>Default | DSCP values; default: <b>Default</b></td> | |||
<td>Match traffic against the given firewall DSCP value.</td> | |||
</tr> | |||
<tr> | |||
<td><span style="color:blue">Mark</span>: Set Match value</td> | |||
<td>hex; default: <b>none</b></td> | |||
<td>If specified, match traffic against the given firewall mark, e.g. 0xFF to match mark 255 or 0x0/0x1 to match any even mark value.</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
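Review bot: The added block introduces a second row named "Action" (values DSCP | Mark, "Match traffic against the given DSCP value or firewall mark") in the same table as the existing Action row, so readers see two different fields under one name; if this is the match selector, name it accordingly. The "Mark: Set Target value" description reads as the match text with "match" replaced by "target" ("0x0/0x1 to target any even mark value"), which describes matching a mark rather than setting one, and "DSCP: Set Target value" likewise says "target traffic against"; reword both to say what value is written to the packet. Minor: "firewall mark.." has a doubled full stop.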
Line 445: | Line 472: | ||
<tr> | <tr> | ||
<td>Week days</td> | <td>Week days</td> | ||
<td>days of the week [ | <td>days of the week [Monday..Sunday]; default: <b>none</b></td> | ||
<td>Specifies on which days of the week the rule is valid.</td> | <td>Specifies on which days of the week the rule is valid.</td> | ||
</tr> | </tr> | ||
Line 504: | Line 531: | ||
<tr> | <tr> | ||
<td>External port</td> | <td>External port</td> | ||
<td>integer [0..65535] | range of integers [0..65534] - [1..65535]; default: <b>none</b></td> | <td>integer [0..65535] | range of integers [0..65534] - [1..65535] | port inversion [!0..!65535]; default: <b>none</b></td> | ||
<td>Specifies which port(s) should be opened.</td> | <td>Specifies which port(s) should be opened.</td> | ||
</tr> | </tr> | ||
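Review bot: For a field described as "Specifies which port(s) should be opened", the new "port inversion [!0..!65535]" option means a single entry such as !1 opens every port except the one named. The description should say so explicitly, because it is easy to read ! as "do not open this port" and end up exposing far more than intended.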
Line 589: | Line 616: | ||
<tr> | <tr> | ||
<td>To Source Port</td> | <td>To Source Port</td> | ||
<td>integer [0..65335] | do not rewrite; default: <b>none</b></td> | <td>integer [0..65335] | port inversion [!0..!65535] | do not rewrite; default: <b>none</b></td> | ||
<td>Changes the source port in the packet header to the value specified in this field.</td> | <td>Changes the source port in the packet header to the value specified in this field.</td> | ||
</tr> | </tr> | ||
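Review bot: The range in the To Source Port value cell is still "integer [0..65335]" while the inversion range added beside it is "[!0..!65535]"; 65335 looks like a typo for 65535 and should be corrected in the same edit. Also confirm that inversion applies here at all: the field "Changes the source port in the packet header to the value specified in this field", and a negated port is not a value a header can be rewritten to.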
Line 645: | Line 672: | ||
<tr> | <tr> | ||
<td>Source port</td> | <td>Source port</td> | ||
<td>integer [0..65535] | range of integers [0..65534] - [1..65535]; default: <b>none</b></td> | <td>integer [0..65535] | range of integers [0..65534] - [1..65535] | port inversion [!0..!65535]; default: <b>none</b></td> | ||
<td>Mathes traffic originated from specified port number.<td> | <td>Mathes traffic originated from specified port number.<td> | ||
</tr> | </tr> | ||
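Review bot: The description in the edited Source port row still reads "Mathes traffic originated from specified port number" and closes with <td> instead of </td>. Fix the typo (Matches) and the tag, and widen "port number" so that it covers the range and ! forms the value column now lists.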
Line 660: | Line 687: | ||
<tr> | <tr> | ||
<td>Destination port</td> | <td>Destination port</td> | ||
<td>integer [0..65535] | range of integers [0..65534] - [1..65535]; default: <b>none</b></td> | <td>integer [0..65535] | range of integers [0..65534] - [1..65535] | port inversion [!0..!65535]; default: <b>none</b></td> | ||
<td>Matches traffic destined for the specified port number.</td> | <td>Matches traffic destined for the specified port number.</td> | ||
</tr> | </tr> | ||
Line 680: | Line 707: | ||
<tr> | <tr> | ||
<td>Week days</td> | <td>Week days</td> | ||
<td>days of the week [ | <td>days of the week [Monday..Sunday]; default: <b>none</b></td> | ||
<td>Specifies on which days of the week the rule is valid.</td> | <td>Specifies on which days of the week the rule is valid.</td> | ||
</tr> | </tr> |