RUGGEDCOM ROX II
User Guide
Chapter 5
Setup and Configuration
Firewall Concepts 367
If required, reboot the router to flush all existing connection streams.
ROX II employs a stateful firewall system known as netfilter, a subsystem of the Linux kernel that provides the
ability to examine IP packets on a per-session basis.
For more information about firewalls, refer to Section 5.17.1, “Firewall Concepts”.
The following sections describe how to configure and manage a firewall:
• Section 5.17.2, “Viewing a List of Firewalls”
• Section 5.17.3, “Adding a Firewall”
• Section 5.17.4, “Deleting a Firewall”
• Section 5.17.5, “Working with Multiple Firewall Configurations”
• Section 5.17.9, “Managing Interfaces”
• Section 5.17.8, “Managing Zones”
• Section 5.17.11, “Managing Policies”
• Section 5.17.12, “Managing Network Address Translation Settings”
• Section 5.17.13, “Managing Masquerade and SNAT Settings”
• Section 5.17.10, “Managing Hosts”
• Section 5.17.14, “Managing Rules”
• Section 5.17.6, “Configuring the Firewall for a VPN”
• Section 5.17.7, “Configuring the Firewall for a VPN in a DMZ”
• Section 5.17.15, “Validating a Firewall Configuration”
• Section 5.17.16, “Enabling/Disabling a Firewall”
Section 5.17.1
Firewall Concepts
The following sections describe some of the concepts important to the implementation of firewalls in ROX II:
• Section 5.17.1.1, “Stateless vs. Stateful Firewalls”
• Section 5.17.1.2, “Linux netfilter”
• Section 5.17.1.3, “Network Address Translation”
• Section 5.17.1.4, “Port Forwarding”
• Section 5.17.1.5, “Protecting Against a SYN Flood Attack”
Section 5.17.1.1
Stateless vs. Stateful Firewalls
There are two types of firewalls: stateless and stateful.
Stateless or static firewalls make decisions about traffic without regard to traffic history. They simply open a path
for the traffic type based on a TCP or UDP port number. Stateless firewalls are relatively simple, easily handling
web and e-mail traffic. However, stateless firewalls have some disadvantages. All paths opened in the firewall are
To Next Page
Loading...
