
Digi TransPort LR54 - Default Firewall Configuration

Digi TransPort LR54
512 pages
Advanced topics Using the firewall command
Digi TransPort WR Routers User Guide
502
For example, the policy could be to drop all inbound packets that do not explicitly match any of the
chain rules.
Using a policy rule is better than simply defining a normal rule that matches all packets. Policy rules
are the last rule tested for a chain, while a normal rule could appear anywhere in the list of rules,
depending on how rules were added.
Default firewall configuration
To provide a secure device out-of-the-box, the router's firewall is configured for the following default
behavior:
- Block all traffic received on the physical interfaces for WANs (eth1, cellular1, cellular2) except
  for traffic for established connections or related data.
- Allow all traffic from the physical interfaces for LANs to be forwarded by the device.
- Only allow ICMP, SSH, HTTP, HTTPS, DNS and DHCP traffic to be received on the physical
  interfaces for LANs.
- All other traffic is blocked.
The default settings allow devices connected on the physical interfaces for LANs to make
connections over the physical interfaces for WANs, but remote devices cannot make a connection to
the device or devices connected on the physical interfaces for LANs.
This means that by default it is not possible to make an HTTPS or SSH connection via a WAN. To allow
HTTPS or SSH connections over a WAN, see Allow HTTPS access on a WAN and Allow SSH access on a
WAN to change the default firewall behavior.
Example firewall rules
Filter Table
------------
Chain INPUT (policy DROP xx packets, xxx bytes)
num pkts bytes target prot opt in   out source   destination
[....snip....]
5   0    0     ACCEPT icmp --  lan+ any anywhere anywhere /* (autogenerated) lan */
6   0    0     ACCEPT tcp  --  lan+ any anywhere anywhere tcp dpt:22 /* (autogenerated) lan */
7   0    0     ACCEPT tcp  --  lan+ any anywhere anywhere tcp dpt:http /* (autogenerated) lan */
8   0    0     ACCEPT tcp  --  lan+ any anywhere anywhere tcp dpt:443 /* (autogenerated) lan */
9   0    0     ACCEPT udp  --  lan+ any anywhere anywhere udp dpt:67 /* (autogenerated) lan */
10  0    0     ACCEPT udp  --  lan+ any anywhere anywhere udp dpt:53 /* (autogenerated) lan */
[....snip....]
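
To check a listing in this format against the default behavior described above, the following added example (not part of the Digi guide) audits the INPUT chain and reports any departure from it. It assumes WAN rules name the physical interfaces listed above and that connection-tracking rules show ESTABLISHED in the match column, as standard iptables output does; the function name and sample listing are constructed for illustration.

```python
import re

# Constructed sample in the listing format shown above; rule 11 is a
# deliberately added WAN exposure so the audit has something to report.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
5 0 0 ACCEPT icmp -- lan+ any anywhere anywhere /* (autogenerated) lan */
6 0 0 ACCEPT tcp -- lan+ any anywhere anywhere tcp dpt:22 /* (autogenerated) lan */
7 0 0 ACCEPT tcp -- lan+ any anywhere anywhere tcp dpt:http /* (autogenerated) lan */
9 0 0 ACCEPT udp -- lan+ any anywhere anywhere udp dpt:67 /* (autogenerated) lan */
11 0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:443
"""

# Inbound services the default configuration permits on LAN interfaces.
ALLOWED_LAN = {("icmp", None), ("tcp", "22"), ("tcp", "80"), ("tcp", "443"),
               ("udp", "67"), ("udp", "53")}
# iptables prints some ports by service name unless run with -n.
PORT_NAMES = {"ssh": "22", "http": "80", "https": "443",
              "domain": "53", "bootps": "67"}
WAN_IFACES = {"eth1", "cellular1", "cellular2"}  # names from the text above
# num pkts bytes target prot opt in out source destination [match/comment]
RULE = re.compile(r"(\d+)\s+\S+\s+\S+\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)"
                  r"\s+\S+\s+\S+\s+\S+(.*)")

def audit_input_chain(listing):
    """Return findings where the INPUT chain departs from the default."""
    findings, in_input = [], False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            in_input = line.startswith("Chain INPUT ")
            policy = re.search(r"policy (\w+)", line)
            if in_input and policy and policy.group(1) != "DROP":
                findings.append(f"INPUT policy is {policy.group(1)}, expected DROP")
            continue
        m = RULE.match(line.strip()) if in_input else None
        if not m or m.group(2) != "ACCEPT":
            continue
        num, _, proto, iface, extra = m.groups()
        dpt = re.search(r"dpt:(\S+)", extra)
        port = PORT_NAMES.get(dpt.group(1), dpt.group(1)) if dpt else None
        if iface in WAN_IFACES and "ESTABLISHED" not in extra:
            findings.append(f"rule {num}: ACCEPT on WAN {iface} {proto}/{port}")
        elif iface.startswith("lan") and (proto, port) not in ALLOWED_LAN:
            findings.append(f"rule {num}: unexpected LAN service {proto}/{port}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_input_chain(SAMPLE)) or "matches default")
```

An empty result means the INPUT chain matches the default; rules added on purpose, such as the HTTPS or SSH WAN access the guide describes, will appear as findings to review.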
