Advanced topics Using the firewall command
Digi TransPort WR Routers User Guide
505
If you do not specify a table (-t), the default table is the filter table.
For example, to append a rule to the bottom of the filter table:
digi.router> firewall -A INPUT -i lan1 -p icmp --icmp-type echo-request -j DROP
digi.router>
The show firewall output for the filter table created by the above command:
digi.router> show firewall filter
Filter Table
------------
Chain INPUT (policy DROP 4 packets, 256 bytes)
num pkts bytes target prot opt in out source destination
1 3 152 DROP tcp -- any any anywhere anywhere tcp dpt:22
2 0 0 DROP icmp -- lan1 any anywhere anywhere icmp echo-request
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 4 packets, 256 bytes)
num pkts bytes target prot opt in out source destination
digi.router>
Insert a rule at any position of the firewall
To insert a rule into the firewall at any position, use the -I option of the firewall or firewall6 command, with the
following syntax:
firewall [-t table] -I <chain> <position> <rule>
For example, to insert a rule before the current second rule, specify a position of 2; the new rule takes position 2 and the rule that was there moves to position 3.
digi.router>
digi.router> show firewall filter
Filter Table
------------
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 3 152 DROP tcp -- any any anywhere anywhere tcp dpt:22
2 74 4440 DROP icmp -- lan1 any anywhere anywhere icmp echo-request
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
digi.router>
digi.router> firewall -I INPUT 2 -i cellular1 -p udp --dport 7 -j ACCEPT
digi.router>
digi.router> show firewall filter
Filter Table
------------
Chain INPUT (policy DROP 4 packets, 256 bytes)
num pkts bytes target prot opt in out source destination
1 3 152 DROP tcp -- any any anywhere anywhere tcp dpt:22
2 0 0 ACCEPT udp -- cellular1 any anywhere anywhere udp dpt:7
3 74 4440 DROP icmp -- lan1 any anywhere anywhere icmp echo-request
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 4 packets, 256 bytes)
num pkts bytes target prot opt in out source destination
digi.router>
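The sessions above show the two ways a rule enters a chain: -A puts it last, -I puts it at the given position and shifts the rest down. Because the chain is walked top to bottom and the first matching rule wins, the position decides whether a rule can ever fire. The following script is an added example, not code from the Digi guide or the router firmware; it parses the show firewall filter listing printed above (copied from this page), replays the -A and -I operations on a model of the INPUT chain, and flags rules that an earlier rule already covers. The Rule, Chain, parse_show_firewall and shadow_demo names are this example's own.

```python
"""Model firewall -A / -I position semantics and check a chain for dead rules.
Added example; Rule, Chain, parse_show_firewall and shadow_demo are not part of the Digi CLI."""
import re
from dataclasses import dataclass, field

# Values the listing prints for "match anything" in a column.
WILDCARDS = {"any", "anywhere", "all"}


@dataclass
class Rule:
    target: str
    prot: str
    in_if: str
    out_if: str
    source: str
    destination: str
    match: str = ""  # trailing match text, e.g. "tcp dpt:22"

    def covers(self, other):
        """True if every packet `other` could match is already matched by this rule."""
        pairs = ((self.prot, other.prot), (self.in_if, other.in_if),
                 (self.out_if, other.out_if), (self.source, other.source),
                 (self.destination, other.destination))
        if any(mine not in WILDCARDS and mine != theirs for mine, theirs in pairs):
            return False
        return self.match == "" or self.match == other.match


@dataclass
class Chain:
    name: str
    policy: str
    rules: list = field(default_factory=list)

    def append(self, rule):
        """firewall -A <chain> <rule>: the new rule becomes the last rule."""
        self.rules.append(rule)
        return len(self.rules)  # 1-based position of the new rule

    def insert(self, position, rule):
        """firewall -I <chain> <position> <rule>: the new rule takes <position>;
        the rule that was there and everything after it move down by one."""
        if not 1 <= position <= len(self.rules) + 1:
            raise ValueError(f"position {position} out of range for {len(self.rules)} rules")
        self.rules.insert(position - 1, rule)
        return position

    def shadowed(self):
        """1-based positions of rules that can never match because an earlier
        rule already covers all the traffic they describe."""
        return [i + 1 for i, later in enumerate(self.rules)
                if any(earlier.covers(later) for earlier in self.rules[:i])]


CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)")


def parse_show_firewall(text):
    """Parse a `show firewall filter` listing into Chain objects keyed by name.
    Rule columns: num pkts bytes target prot opt in out source destination [match...]"""
    chains, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = CHAIN_RE.match(line)
        if m:
            current = Chain(m.group(1), m.group(2))
            chains[current.name] = current
            continue
        if current is None or not line or not line[0].isdigit():
            continue  # title, separator, column header or prompt line
        cols = line.split()
        num, _pkts, _bytes, target, prot, _opt, in_if, out_if, src, dst = cols[:10]
        rule = Rule(target, prot, in_if, out_if, src, dst, " ".join(cols[10:]))
        if current.append(rule) != int(num):
            raise ValueError(f"rule numbering out of sequence at: {line}")
    return chains


# Listing copied from the page's final `show firewall filter` session.
SAMPLE = """\
Filter Table
------------
Chain INPUT (policy DROP 4 packets, 256 bytes)
num pkts bytes target prot opt in out source destination
1 3 152 DROP tcp -- any any anywhere anywhere tcp dpt:22
2 0 0 ACCEPT udp -- cellular1 any anywhere anywhere udp dpt:7
3 74 4440 DROP icmp -- lan1 any anywhere anywhere icmp echo-request
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 4 packets, 256 bytes)
num pkts bytes target prot opt in out source destination
"""


def replay_session():
    """Replay the page's session: two appended rules, then -I INPUT 2."""
    chain = Chain("INPUT", "DROP")
    chain.append(Rule("DROP", "tcp", "any", "any", "anywhere", "anywhere", "tcp dpt:22"))
    chain.append(Rule("DROP", "icmp", "lan1", "any", "anywhere", "anywhere", "icmp echo-request"))
    chain.insert(2, Rule("ACCEPT", "udp", "cellular1", "any", "anywhere", "anywhere", "udp dpt:7"))
    return chain


def shadow_demo():
    """Why position matters: the same ACCEPT is dead when appended behind a
    broad DROP (-A) and live when inserted in front of it (-I)."""
    broad_drop = Rule("DROP", "udp", "cellular1", "any", "anywhere", "anywhere")
    dns_accept = Rule("ACCEPT", "udp", "cellular1", "any", "anywhere", "anywhere", "udp dpt:53")
    appended = replay_session()
    appended.append(broad_drop)
    appended.append(dns_accept)  # position 5, behind the DROP: never reached
    inserted = replay_session()
    inserted.append(broad_drop)
    inserted.insert(4, dns_accept)  # position 4, DROP moves to 5: reachable
    return appended.shadowed(), inserted.shadowed()


if __name__ == "__main__":
    for pos, rule in enumerate(parse_show_firewall(SAMPLE)["INPUT"].rules, 1):
        print(pos, rule.target, rule.prot, rule.in_if, rule.match)
    print("dead rules after -A / after -I:", shadow_demo())
```

The shadow check is deliberately conservative: it only reports a rule as dead when an earlier rule matches a superset of its traffic on every column, so a rule it flags really is unreachable, while rules with overlapping but not nested matches are left for manual review.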
For more information on configuring the firewall, see www.netfilter.org/documentation and IptablesHowTo.