Security Firewall management with IP filters
Digi TransPort WR Routers User Guide
79
Firewall management with IP filters
TransPort secures your network by controlling network traffic using a variety of mechanisms, such as
Port forwarding (see Port forwarding) and allow-https-access/allow-ssh-access (see Wide Area
Networks (WANs)).
IP filter rules allow you to further control network traffic by allowing and restricting access based on
filter criteria.
For example, you can use an IPfilter rule to:
n IP filter example: Allow additional traffic into the device
n IP filter example: Restrict access by rejecting traffic from a LAN to a WAN
n IP filter example: Restrict access to an open service
n IP filter example: Restrict access to a router service from LAN devices
n IP filter example: Restrict LAN-to-LAN for all but one service
IPfilter source and destination options
Network traffic managed by IP filter rules can be categorized into three groups:
n Incoming traffic: Traffic destined to a service or application on the router.
n Forwarded traffic: Traffic flowing through the router from one network host to another.
n Outgoing traffic: Traffic originating from a service or application on the router.
If you want to create an IP filter rule that applies only to incoming traffic received using the source
LAN or WAN, specify only the source option. In this case, incoming network traffic refers only to
inbound traffic that is destined for a service on the router, not all traffic flowing through the router
destined for another host.
If you want to create an IPfilter rule that applies only to traffic flowing through the router received
using a source LAN or WAN, specify both the source and destination options. The source and
destination values must be different from each other or the rule is not applied.
Infrequently, you may need to create an IP filter rule that applies only to outgoing network traffic sent
using the destination LAN or WAN. To do so, specify only the destination option. In this case, outgoing
network traffic refers only to outbound traffic sent from a service on the router, not all traffic flowing
through the router from another host.
Note Invalid IPfilter rules are not applied. To be valid, a rule must include the Source, Destination, or
both the Source and Destination options. The Source and Destination options must be different from
each other.
Example: Incoming traffic rule
The following rule applies only to incoming traffic received from any configured WAN, regardless of
other specified parameters.
Note The destination None value is the default and need not be specified.
ip-filter 1 src any-wan
ip-filter 1 dst none
To Next Page
Loading...
