
Siemens RUGGEDCOM ROX II User Manual

Siemens RUGGEDCOM ROX II
798 pages
RUGGEDCOM ROX II CLI User Guide
Chapter 6: Security (page 183)
no admin known-hosts server-identification name
Where name is the unique name of the server.
3. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Section6.9
Managing Firewalls
Firewalls are software systems designed to prevent unauthorized access to or from private networks. Firewalls are
most often used to prevent unauthorized Internet users from accessing private networks (Intranets) connected to
the Internet.
When the RUGGEDCOM ROX II firewall is enabled, the router serves as a gateway machine through which all
messages entering or leaving the Intranet pass. The router examines each message and blocks those that do not
meet the specified security criteria. The router also acts as a proxy, preventing direct communication between
computers on the Internet and Intranet. Proxy servers can filter the kinds of communication that are allowed
between two computers and perform address translation.
NOTE
In general, the RUGGEDCOM ROX II firewall implementation will maintain established connections.
This applies when adding, deleting, or changing rules, and also when adding, deleting, or changing
policies. When applying new, or modified, rules or policies, previous traffic seen by the router might
still be considered as having valid connections by the connection tracking table. For instance:
a. A rule for the TCP and UDP protocols is applied.
b. The router sees both TCP and UDP traffic that qualifies for NAT.
c. The rule is then modified to allow only UDP.
d. The router will still see TCP packets (i.e. retransmission packets).
If required, reboot the router to flush all existing connection streams.
RUGGEDCOM ROX II employs a stateful firewall system known as netfilter, a subsystem of the Linux kernel that
provides the ability to examine IP packets on a per-session basis.
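The behaviour in the NOTE above can be audited by comparing the connection tracking table against the protocols the modified rule still allows. The following is an added example, not part of the Siemens manual: it assumes a dump of the table is available in the text format printed by the Linux `conntrack -L` tool (whether ROX II exposes this to the operator is an assumption), the sample lines are constructed, and the function names are hypothetical.

```python
# Added example: find tracked flows that outlive a rule change.
# SAMPLE is constructed data in the `conntrack -L` text format.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=192.168.10.20 dst=10.1.1.5 sport=40112 dport=502 src=10.1.1.5 dst=192.168.10.20 sport=502 dport=40112 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.10.21 dst=10.1.1.5 sport=5000 dport=161 src=10.1.1.5 dst=192.168.10.21 sport=161 dport=5000 mark=0 use=1
tcp      6 110 TIME_WAIT src=192.168.10.22 dst=10.1.1.6 sport=40200 dport=80 src=10.1.1.6 dst=192.168.10.22 sport=80 dport=40200 [ASSURED] mark=0 use=1
this line is not a conntrack entry
"""


def parse_entry(line):
    """Parse one `conntrack -L` style line; return None if it is malformed."""
    fields = line.split()
    if len(fields) < 4 or not fields[2].isdigit():
        return None
    entry = {"proto": fields[0], "timeout": int(fields[2]), "state": None}
    # TCP entries carry a state token (e.g. ESTABLISHED) before the tuples.
    if "=" not in fields[3] and not fields[3].startswith("["):
        entry["state"] = fields[3]
    for token in fields[3:]:
        if "=" in token:
            key, value = token.split("=", 1)
            # Each line holds two tuples; the first is the original direction.
            entry.setdefault(key, value)
    if not {"src", "dst"} <= entry.keys():
        return None
    return entry


def stale_flows(dump, allowed_protocols):
    """Return tracked flows whose protocol the modified rule no longer allows."""
    stale = []
    for line in dump.splitlines():
        entry = parse_entry(line)
        if entry and entry["proto"] not in allowed_protocols:
            stale.append(entry)
    # Longest remaining timeout first: these flows persist the longest.
    return sorted(stale, key=lambda e: e["timeout"], reverse=True)


if __name__ == "__main__":
    # Step c of the note: the rule has been modified to allow only UDP.
    for e in stale_flows(SAMPLE, {"udp"}):
        print(f'{e["proto"]} {e["state"]} {e["src"]}:{e.get("sport")} -> '
              f'{e["dst"]}:{e.get("dport")} expires in {e["timeout"]}s')
```

Any flow this reports was accepted under the earlier rule and remains valid in the connection tracking table until its entry expires or the table is flushed.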
For more information about firewalls, refer to Section 6.9.1, “Firewall Concepts”.
CONTENTS
Section 6.9.1, “Firewall Concepts”
Section 6.9.2, “Viewing a List of Firewalls”
Section 6.9.3, “Adding a Firewall”
Section 6.9.4, “Deleting a Firewall”
Section 6.9.5, “Working with Multiple Firewall Configurations”
Section 6.9.6, “Configuring the Firewall for a VPN”
Section 6.9.7, “Configuring the Firewall for a VPN in a DMZ”
Section 6.9.8, “Configuring Netfilter”
Section 6.9.9, “Managing Zones”
Section 6.9.10, “Managing Interfaces”
