
Digi TransPort LR54 - Using Firewall and Firewall6 Commands; Using the Firewall Command; Transport Firewalls Based on Iptables Firewall; Tables and Chains in Firewall Rules

Digi TransPort LR54
512 pages
Digi TransPort WR Routers User Guide
Using firewall and firewall6 commands
Using the firewall command
The TransPort firewall is a full stateful firewall that controls which packets are allowed into and out of
the device. Firewalls can filter packets based on the IP address, protocol, TCP ports, and UDP ports.
You can either:
- Allow TransPort to automatically manage firewall rules using built-in features, such as port
forwarding and IP filters.
or
- Directly manage firewalls using the firewall and firewall6 commands.
This section describes how to manage firewalls using the firewall and firewall6 commands. Use the
firewall command to manage IPv4 traffic, and use the firewall6 command to manage IPv6 traffic. Both
firewall commands function in the same manner except the firewall6 command does not manage a
nat table.
For details on how to manage firewalls using built-in TransPort features, see Understanding system
firewall rules.
TransPort firewalls based on iptables firewall
The TransPort firewall and firewall6 commands are based on the open-source firewall named
iptables. Both commands use the same syntax as iptables, except the rules start with the keyword
firewall or firewall6 instead of iptables. The firewall syntax is case-sensitive.
For more information on configuring the firewall, see www.netfilter.org/documentation and
IptablesHowTo.
Note: TransPort automatically manages some iptables rules, referred to as system firewall rules.
Some system firewall rules are added when the device starts; other system firewall rules are added
and removed when built-in features are configured. For example, when you use port forwarding, the
TransPort adds system firewall rules based on your port forwarding rules. Take care when directly
modifying firewall rules using firewall and firewall6 commands. The system may reapply unmodified
rules when you use certain commands, the system restarts, or other configuration changes are made.
See Understanding system firewall rules for details.
Tables and chains in firewall rules
Depending on their function, firewall rules are organized into tables and chains. The tables define the
function of the rule. The chains define when the rule is applied in relation to when a packet is being
received, sent or forwarded.
Tables
Firewall tables are as follows:
filter
The filter table filters packets being sent, received, and forwarded by the device. This is the default
table if one is not specified in the firewall rule. The filter table supports these chains: INPUT,
OUTPUT, FORWARD.
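
A pre-deployment check built only from the statements above, as an added example that is not part of the Digi manual: it rewrites iptables/ip6tables command lines into firewall/firewall6 form and rejects rules this section rules out. The function names, the sample rules, and the restriction to the three listed filter chains (no user-defined chains) are assumptions of this example.

```python
import shlex

# From the page: keyword swap, filter is the default table and supports
# INPUT/OUTPUT/FORWARD, firewall6 manages no nat table, syntax is case-sensitive.
KEYWORDS = {"iptables": "firewall", "ip6tables": "firewall6"}
FILTER_CHAINS = {"INPUT", "OUTPUT", "FORWARD"}
CHAIN_OPTS = {"-A", "-I", "-D", "-R", "-P", "-F"}  # standard iptables chain options

def to_transport(rule):
    """Return the firewall/firewall6 form of one iptables/ip6tables command."""
    tokens = shlex.split(rule)
    if not tokens or tokens[0] not in KEYWORDS:
        raise ValueError("must start with iptables or ip6tables")
    keyword, args = KEYWORDS[tokens[0]], tokens[1:]
    table = "filter"  # default when -t is absent
    chain = None
    for opt, value in zip(args, args[1:]):
        if opt in ("-t", "--table"):
            table = value
        elif opt in CHAIN_OPTS and chain is None and not value.startswith("-"):
            chain = value
    if keyword == "firewall6" and table == "nat":
        raise ValueError("firewall6 does not manage a nat table")
    # Assumption of this example: no user-defined chains in the filter table.
    if table == "filter" and chain is not None and chain not in FILTER_CHAINS:
        raise ValueError("filter table has no chain %r (names are case-sensitive)" % chain)
    # Swap only the leading keyword so the rest of the rule stays unchanged.
    return keyword + rule.strip()[len(tokens[0]):]

def convert_ruleset(lines):
    """Convert many rules; return (commands, [(line_number, error), ...])."""
    commands, errors = [], []
    for number, line in enumerate(lines, start=1):
        try:
            commands.append(to_transport(line))
        except ValueError as exc:
            errors.append((number, str(exc)))
    return commands, errors

# Constructed sample rules (documentation addresses), not taken from the manual.
SAMPLE = [
    "iptables -A INPUT -p tcp --dport 22 -s 192.0.2.0/24 -j ACCEPT",
    "ip6tables -A FORWARD -p udp --dport 53 -j DROP",
    "ip6tables -t nat -A POSTROUTING -j MASQUERADE",
    "iptables -A input -p icmp -j DROP",
]

if __name__ == "__main__":
    print(convert_ruleset(SAMPLE))
```

The first two sample rules convert cleanly; the third is rejected because firewall6 has no nat table, and the fourth because the lowercase chain name does not match INPUT.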
