Security Firewall management with IP filters
Digi TransPort WR Routers User Guide
87
On a Wi-Fi LAN, you can also configure client and access point isolation. These rules might typically be
used when partial isolation is desirable.
WARNING! The commands in the following example could remove access to services for
LAN devices. If you or your users are connected through the LAN, this example may prevent
access.
The example demonstrates that multiple IP filter rules have an order precedence. Use multiple
IPfilter rules to build more complex access control than a single rule could provide:
n Creates two IP filter rules, one at index 5, the other at index 6.
n Rule 5 is an Accept rule that allows LAN 1 to access any LAN for the SSH service (port 22). It is
executed before rule 6.
n Rule 6 is a Reject rule that restricts LAN 1 from accessing any protocol and any port on other
LANs. It is executed after rule 5.
digi.router> ip-filter 5 description Allow LAN1 SSH to Other LANs
digi.router> ip-filter 5 action accept
digi.router> ip-filter 5 src lan1
digi.router> ip-filter 5 dst any-lan
digi.router> ip-filter 5 protocol tcp
digi.router> ip-filter 5 dst-ip-port 22
digi.router> ip-filter 5 state on
digi.router> ip-filter 6 description Restrict LAN1 from Accessing Other LANs
digi.router> ip-filter 6 action Reject
digi.router> ip-filter 6 src lan1
digi.router> ip-filter 6 dst any-lan
digi.router> ip-filter 6 protocol any
digi.router> ip-filter 6 state on
digi.router> save config
To Next Page
Loading...
