Advanced topics Using the firewall command
Digi TransPort WR Routers User Guide
507
Delete all firewall rules
To remove all firewall rules, use the firewall or firewall6 command -F option. If you do not specify a
table, all the rules in the filter table are deleted.
firewall -F [-t <table>]
WARNING! Using firewall -F -t nat to clear entries in the NAT table removes entries that
perform NAT operations on WAN interfaces. Clearing such entries could leave the device
unreachable if you are remotely accessing it over a WAN interface.
Show firewall rules and counters
To display all firewall rules and counters, use the show firewall or show firewall6 command.
For example:
Display all firewall rules
digi.router> show firewall
Filter Table
------------
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 3 272 ACCEPT all -- eth+ any anywhere anywhere state RELATED,ESTABLISHED
/* (autogenerated) wan */
2 0 0 ACCEPT all -- cellular1 any anywhere anywhere state RELATED,ESTABLISHED
/* (autogenerated) wan */
3 0 0 ACCEPT all -- cellular2 any anywhere anywhere state RELATED,ESTABLISHED
/* (autogenerated) wan */
4 33 2412 tlr_wan_input all -- any any anywhere anywhere /* (autogenerated) wan */
5 0 0 ACCEPT icmp -- lan+ any anywhere anywhere /* (autogenerated) lan */
6 0 0 ACCEPT tcp -- lan+ any anywhere anywhere tcp dpt:22 /*
(autogenerated) lan */
7 0 0 ACCEPT tcp -- lan+ any anywhere anywhere tcp dpt:http /*
(autogenerated) lan */
8 0 0 ACCEPT tcp -- lan+ any anywhere anywhere tcp dpt:443 /*
(autogenerated) lan */
9 0 0 ACCEPT udp -- lan+ any anywhere anywhere udp dpt:67 /*
(autogenerated) lan */
10 0 0 ACCEPT udp -- lan+ any anywhere anywhere udp dpt:53 /*
(autogenerated) lan */
11 33 2412 ACCEPT all -- lo any anywhere anywhere /* (autogenerated) core */
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT tcp -- lan+ any anywhere anywhere state INVALID /*
(autogenerated)core */ reject-with tcp-reset
2 0 0 DROP all -- lan+ any anywhere anywhere state INVALID /*
(autogenerated) core */
3 0 0 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN /*
(autogenerated) core */ TCPMSS clamp to PMTU
4 0 0 ACCEPT all -- eth+ any anywhere anywhere state RELATED,ESTABLISHED
/* (autogenerated) wan */
5 0 0 ACCEPT all -- cellular1 any anywhere anywhere state RELATED,ESTABLISHED
/* (autogenerated) wan */
6 0 0 ACCEPT all -- cellular2 any anywhere anywhere state RELATED,ESTABLISHED
/* (autogenerated) wan */
7 0 0 ACCEPT all -- any any anywhere anywhere ctstate DNAT /*
(autogenerated) port-forward */
8 0 0 ACCEPT all -- lan+ any anywhere anywhere /* (autogenerated) lan */
Chain OUTPUT (policy ACCEPT 8 packets, 576 bytes)
num pkts bytes target prot opt in out source destination
Chain tlr_wan_input (1 references)
num pkts bytes target prot opt in out source destination
Raw Table
---------
To Next Page
Loading...
