Digi TransPort WR Routers User Guide
Understanding system firewall rules
This section explains how TransPort built-in components automatically create and apply system
firewall rules transparently when you configure system components.
Who should read this section
Skip this section: If you do not use the firewall or firewall6 commands or you use the commands only to create simple firewall rules that allow greater access to device features, skip this section.

Continue reading this section: If you use the firewall or firewall6 commands to create or manage firewall rules on your TransPort device, read this section to understand how TransPort components automatically create and manage system firewall rules and how all firewall rules, both system-generated and command-generated, are saved and applied.
What are system firewall rules?
System firewall rules are automatically created and managed when you configure various TransPort
components. For example, the WAN, LAN, and port-forward components create and manage system
firewall rules when you configure the components, either from the web interface or the command line.
System firewall rules are applied when the TransPort device starts and anytime you configure a
TransPort component that creates or modifies a system firewall rule.
Demonstration
For example, if you enter the following command to allow HTTPS access on WAN 1:
wan 1 allow-https-access on
TransPort automatically creates a new system firewall rule in the tlr_wan_input section of the
iptables chain. See Using firewall and firewall6 commands for more information about tables and
chains.
The new rule might look like this:
Chain tlr_wan_input (1 references)
num  pkts  bytes  target  prot  opt  in    out  source    destination
1    0     0      ACCEPT  tcp   --   eth1  any  anywhere  anywhere     tcp dpt:443 /* (autogenerated) wan 1 */
The WAN firewall rule will be re-applied anytime the WAN configuration is changed from the web
interface or the command line.
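When auditing a device, it helps to separate rules that carry the (autogenerated) comment from rules that do not. The following Python is an added example, not part of the Digi guide: it parses a chain listing in the format shown above. The marker format is assumed from the sample rule on this page, and the second chain and its rule are constructed sample data.

```python
import re

# Constructed sample: the first rule is the one shown on this page; the second
# chain and its rule are made up to represent a rule without the marker.
SAMPLE = """\
Chain tlr_wan_input (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:443 /* (autogenerated) wan 1 */

Chain example_user_chain (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:22
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
# Assumed marker format, taken from the comment on the page's sample rule.
AUTO_RE = re.compile(r"/\* \(autogenerated\) (.*?) \*/")
DPORT_RE = re.compile(r"\bdpts?:(\S+)")
FIELDS = ("num", "pkts", "bytes", "target", "prot", "opt", "in", "out", "source", "destination")

def parse_listing(text):
    """Return one dict per rule found in a numbered, verbose chain listing."""
    rules, chain = [], None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        parts = line.split(None, len(FIELDS))
        if chain is None or len(parts) < len(FIELDS) or not parts[0].isdigit():
            continue  # blank line, column header, or text outside a chain
        rule = dict(zip(FIELDS, parts))
        extra = parts[len(FIELDS)] if len(parts) > len(FIELDS) else ""
        auto = AUTO_RE.search(extra)
        dport = DPORT_RE.search(extra)
        rule.update(chain=chain, dport=dport.group(1) if dport else None,
                    owner=auto.group(1) if auto else None)
        rules.append(rule)
    return rules

def unmarked_accepts(rules):
    """ACCEPT rules with no autogenerated marker: candidates for manual review."""
    return [r for r in rules if r["target"] == "ACCEPT" and r["owner"] is None]

if __name__ == "__main__":
    for r in parse_listing(SAMPLE):
        origin = f"system ({r['owner']})" if r["owner"] else "no autogenerated marker"
        print(r["chain"], r["num"], r["target"], r["prot"], r["in"], r["dport"], origin)
```

Comparing the output before and after a configuration change shows which rules the component re-applied and which ones exist independently of it.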
User priority chains
WARNING! Take extreme care when using user priority chain rules. If you implement user
priority chain rules incorrectly, you can expose your device to security threats or disable
remote access to the device.