Firewall configuration
Digi TransPort User Guide 660
Example:
Suppose your local network is on subnet 192.168.*.* and you want to block any packets received
on PPP 0 whose source address claims to be on the local network (such packets are spoofed, since
genuine local traffic never arrives on the WAN interface), and log the receipt of any such packets
both to the FWLOG.TXT file and to a syslog server. The filter rule is constructed as follows:
block in log syslog break end on ppp 0 from 192.168.0.0/16 to any
break
When the break option is specified, it must be followed by either a user-defined label name or the
predefined end keyword. When followed by a label, the rule processor jumps to that label and
continues processing from there. When followed by the end keyword, rule processing is terminated
immediately and the packet is treated according to the last matching rule. Because a later matching
rule would otherwise override an earlier one, break end is the way to make a rule's verdict final.
Example:
break ppp_label: on ppp 0
# insert rule processing here for packets that are not on ppp 0
break end
ppp_label:
# insert rule processing here for packets that are on ppp 0
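The following simulator is an added example, not code from Digi or from the TransPort firmware. It parses a small subset of the rule syntax shown above (block/pass, in/out, log, syslog, break, on, from, to and "label:" lines) and applies the processing model the guide describes: rules are evaluated top to bottom, the last matching rule decides, break end stops processing at once, and break label jumps to that label. The ruleset it loads combines the anti-spoofing rule and the label example from the page with constructed filler rules; the default verdict for a packet that matches no action rule (DEFAULT_ACTION) is an assumption of the simulator, not something the guide states, so confirm the device's own default before relying on it.

```python
# Simulator for a subset of the Digi TransPort firewall rule syntax (added example, not Digi code).
# Models the guide's processing rules: evaluate top to bottom, the LAST matching rule decides,
# 'break end' stops immediately, 'break <label>' jumps to the line '<label>:'.
# Assumption (not from the guide): a packet matching no action rule gets DEFAULT_ACTION.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT_ACTION = "block"  # assumption; confirm the real device's default before relying on it


@dataclass
class Packet:
    direction: str  # "in" or "out"
    iface: str      # "ppp 0", "eth 0", "tun 1"
    src: str
    dst: str


@dataclass
class Rule:
    text: str
    label: Optional[str] = None      # set when the line is "name:"
    action: Optional[str] = None     # "block", "pass" or None for a pure break rule
    direction: Optional[str] = None
    iface: Optional[str] = None
    src: Optional[ipaddress.IPv4Network] = None  # None means any
    dst: Optional[ipaddress.IPv4Network] = None
    log: bool = False
    syslog: bool = False
    brk: Optional[str] = None        # "end" or a label name


def _addr(tok):
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def parse_rule(line: str) -> Rule:
    toks = line.split()
    if len(toks) == 1 and toks[0].endswith(":"):      # label line
        return Rule(text=line, label=toks[0][:-1])
    r, i = Rule(text=line), 0
    while i < len(toks):
        t = toks[i]
        if t in ("block", "pass"):
            r.action = t
        elif t in ("in", "out"):
            r.direction = t
        elif t in ("log", "syslog"):
            setattr(r, t, True)
        elif t == "break":                            # accepts 'break end', 'break lbl', 'break lbl:'
            r.brk = toks[i + 1].rstrip(":"); i += 1
        elif t == "on":                               # 'on ppp 0' -> iface "ppp 0"
            r.iface = f"{toks[i + 1]} {toks[i + 2]}"; i += 2
        elif t == "from":
            r.src = _addr(toks[i + 1]); i += 1
        elif t == "to":
            r.dst = _addr(toks[i + 1]); i += 1
        else:
            raise ValueError(f"unsupported keyword {t!r} in: {line}")
        i += 1
    return r


def load_rules(text: str) -> List[Rule]:
    lines = (ln.strip() for ln in text.splitlines())
    return [parse_rule(ln) for ln in lines if ln and not ln.startswith("#")]


def matches(r: Rule, p: Packet) -> bool:
    return ((r.direction is None or r.direction == p.direction)
            and (r.iface is None or r.iface == p.iface)
            and (r.src is None or ipaddress.ip_address(p.src) in r.src)
            and (r.dst is None or ipaddress.ip_address(p.dst) in r.dst))


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, List[str], Optional[int]]:
    """Return (verdict, log entries, index of the 'break end' rule that stopped processing or None)."""
    labels = {r.label: i for i, r in enumerate(rules) if r.label}
    verdict, logged, i = None, [], 0
    while i < len(rules):
        r = rules[i]
        if r.label is None and matches(r, p):
            if r.action:
                verdict = r.action                    # last matching rule wins
            logged += [f"{dst}: {r.text}" for dst, on in (("fwlog", r.log), ("syslog", r.syslog)) if on]
            if r.brk == "end":
                return verdict or DEFAULT_ACTION, logged, i
            if r.brk:
                i = labels[r.brk]                     # jump to the label; KeyError if it is undefined
                continue
        i += 1
    return verdict or DEFAULT_ACTION, logged, None


# Constructed ruleset: the guide's two examples plus filler rules so the jumps have something to do.
RULES = load_rules("""
block in log syslog break end on ppp 0 from 192.168.0.0/16 to any
break ppp_label: on ppp 0
pass in on eth 0
break end
ppp_label:
block in on ppp 0 to 192.168.1.1/32 break end
pass in on ppp 0
""")

if __name__ == "__main__":
    for pkt in (Packet("in", "ppp 0", "192.168.5.5", "10.0.0.1"),   # spoofed local source on WAN
                Packet("in", "ppp 0", "8.8.8.8", "192.168.1.5"),
                Packet("in", "ppp 0", "8.8.8.8", "192.168.1.1"),
                Packet("out", "eth 0", "192.168.1.5", "8.8.8.8")):
        print(pkt, evaluate(RULES, pkt))
```

Running it shows the spoofed packet blocked and logged by the first rule with processing stopped there, a genuine WAN packet passed via the ppp_label branch, and a packet to 192.168.1.1 blocked only because that rule carries break end; remove the break end from that line and the later "pass in on ppp 0" rule becomes the last match and the packet is passed.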
on
The interface to which the rule applies; the on option must be followed by a valid interface name. For
example, to apply a rule only to packets transmitted or received by PPP 0, include on ppp 0 in
the rule. Valid interface names are eth n, tun n and ppp n, where n is the instance number.
oneroute
A rule with this option only matches packets associated with the specified Eroute. For example,
including oneroute 2 causes the rule to match only packets transmitted or received over
Eroute 2. The oneroute option can also be followed by the keyword any, which matches if the
packet is on any Eroute.
routeto
When the routeto option is specified and the firewall is processing a received packet, and that rule
turns out to be the last matching rule, the packet is tagged so that it must be routed to the specified
interface rather than following the normal routing decision.