Security Firewall management with IP filters
Digi TransPort WR Routers User Guide
IP filter criteria options
An IP filter rule applies only to network traffic (packets) matching the following set of filter criteria
options:
- Protocol
- Source IP address
- Source IP port
- Destination IP address
- Destination IP port
After determining if the network traffic is incoming, outgoing, or forwarded traffic, the filter criteria
are used to examine the network packet. If the packet matches the criteria, the rule action is applied
and the packet is accepted, dropped, or rejected.
Example: SSH criteria
The following rule applies only to packets coming from a host with a 10.20.x.y IP address that are for
the SSH server. SSH typically uses the TCP protocol on port 22. The default values for source IP port and
destination IP address are not used because they are not relevant for these filter criteria.
ip-filter 1 protocol tcp
ip-filter 1 src-ip-address 10.20.0.0/16
ip-filter 1 dst-ip-port 22
IP filter rule priority
IP filter rules have higher priority than port forward rules, the WAN command allowing HTTPS or SSH
access, or rules that allow LAN access by default. Therefore, use IP filter rules to further filter traffic
by port, IP address, or protocol.
IP filter rules are applied in order from 1 to the maximum number of rules. Use multiple rules to build
a more secure environment where some services are allowed, while others are rejected. See IP filter
examples.
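To check which packets a rule set will catch before applying it, the following added example (not part of the Digi guide and not Digi code) parses the SSH rule above and evaluates constructed packets against it in rule-number order. It assumes the first matching rule decides, and the criterion names src-ip-port and dst-ip-address are assumed by analogy with the two names shown on this page.

```python
import ipaddress
from dataclasses import dataclass

# The three lines of the SSH example on this page.
SSH_RULE = """\
ip-filter 1 protocol tcp
ip-filter 1 src-ip-address 10.20.0.0/16
ip-filter 1 dst-ip-port 22
"""

@dataclass
class Packet:
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def _in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

# Criterion name -> test against a packet. src-ip-port and dst-ip-address are
# assumed names, formed by analogy with the two address/port names shown above.
CHECKS = {
    "protocol": lambda v, p: v == p.protocol,
    "src-ip-address": lambda v, p: _in_net(p.src_ip, v),
    "src-ip-port": lambda v, p: int(v) == p.src_port,
    "dst-ip-address": lambda v, p: _in_net(p.dst_ip, v),
    "dst-ip-port": lambda v, p: int(v) == p.dst_port,
}

def parse_rules(text):
    """Group 'ip-filter <n> <criterion> <value>' lines into {n: {criterion: value}}."""
    rules = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "ip-filter" or parts[2] not in CHECKS:
            raise ValueError(f"unsupported line: {line!r}")
        rules.setdefault(int(parts[1]), {})[parts[2]] = parts[3]
    return rules

def first_match(rules, pkt):
    """Walk rules from 1 upward; return the number of the first rule whose set
    criteria all match (unset criteria are not checked), or None."""
    for n in sorted(rules):
        if all(CHECKS[k](v, pkt) for k, v in rules[n].items()):
            return n
    return None
```

A result of None means no IP filter rule matched the packet, so the lower-priority rules described above would handle it.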
Add an IP filter rule
Web
To add one or more IP filter rules:
1. On the menu, click Security > Firewall:
   - Select Input IP Filters to add an input IP filter.
   - Select Routing IP Filters to add a routing IP filter.
2. Within the set of rules you want to add, click (Add Filter) to create a new filter. See Firewall
page for field descriptions.
3. When you have finished adding rules, click Apply.