Advanced topics Using the firewall command
Digi TransPort WR Routers User Guide
508
Chain PREROUTING (policy ACCEPT 116 packets, 17802 bytes)
num pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 36 packets, 2684 bytes)
num pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 36 packets, 2620 bytes)
num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 36 packets, 2620 bytes)
num pkts bytes target prot opt in out source destination
NAT Table
---------
Chain PREROUTING (policy ACCEPT 2 packets, 120 bytes)
num pkts bytes target prot opt in out source destination
1 38 10641 tlr_port_forward all -- any any anywhere anywhere /* (autogenerated) port-
forward */
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1 packets, 72 bytes)
num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1 packets, 72 bytes)
num pkts bytes target prot opt in out source destination
1 3 208 MASQUERADE all -- any eth1 anywhere anywhere
2 0 0 MASQUERADE all -- any cellular1 anywhere anywhere
3 0 0 MASQUERADE all -- any cellular2 anywhere anywhere
Chain tlr_port_forward (1 references)
num pkts bytes target prot opt in out source destination
Display a specific firewall table
To display individual firewall tables, specify the table name on the show firewall or show firewall6
command. In the command output, the policy for each chain is also displayed in brackets after the
chain name. For example:
digi.router> show firewall filter
Filter Table
------------
Chain INPUT (policy ACCEPT 1732 packets, 117K bytes)
num pkts bytes target prot opt in out source destination
1 16 960 DROP tcp -- cellular1 any anywhere anywhere tcp dpt:22
Chain FORWARD (policy ACCEPT 788 packets, 82764 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1646 packets, 110K bytes)
num pkts bytes target prot opt in out source destination
digi.router>
Display and clear firewall rule counters
The firewall keeps a counter for each rule that counts the number of packets and bytes that have
been matched against the rule. This is a useful tool to determine if a rule is correctly detecting
packets.
To clear the counters, use the clear firewall and clear firewall6 commands.
digi.router> show firewall filter
Filter Table
------------
Chain INPUT (policy ACCEPT 1732 packets, 117K bytes)
num pkts bytes target prot opt in out source destination
1 3 152 DROP tcp -- cellular1 any anywhere anywhere tcp dpt:22
2 23 1380 DROP icmp -- lan1 any anywhere anywhere icmp echo-request
To Next Page
Loading...
