Configure security settings Firewall
Digi TransPort WR Routers User Guide 690
Firewall Script syntax
A firewall must be individually configured to match the needs of authorized users and their
applications. On Digi routers, the rules governing firewall behavior are defined in a script file called
FW.TXT. Each line in this file consists of a label definition, a comment or a filter rule.
Labels
A label definition is a string of up to 12 characters followed by a colon. Labels can only include
letters, digits and the underscore character. Use labels with the break option to cause the
processing of the script to jump to a new location.
Comments
Any line starting with the hash character (#) is considered a comment and is ignored.
Filter rules
The syntax for a filter rule is:
[action] [in-out] [options] [tos] [proto] [dnslist] [ip-range]
[inspect-state]
▪ When the firewall is active, the script is processed one line at a time as each packet is received or
transmitted.
▪ Even when a packet matches a filter-rule, processing still continues and all the other filter rules
are checked until the end of the script is reached.
▪ The action taken on a particular packet is that specified by the last matching rule.
▪ With the break option, the script processing can be redirected to a new location or to the end of
the script if required.
▪ The default action that the firewall assigns to a packet is to block. This means if the packet does
not match any of the rules, it is blocked.
To Next Page
Loading...
