virtual access GW1000M Series

To Next Page

To Previous Page

27: Configuring firewall

_______________________________________________________________________________________________________

_____________________________________________________________________________________________________

GW1000 Series User Manual

Issue: 1.9 Page 246 of 350

27.2.2.2 Firewall zone: advanced settings

Figure 127: Firewall zone advanced settings

Web Field/UCI/Package Option

Description

Web: Restrict Masquerading to given

source subnets.

UCI: firewall.<zone label>.masq_src

Opt: masq_src

Limits masquerading to the given source subnets. Negation is

possible by prefixing the subnet with ‘!’. Multiple subnets are

allowed.

Web: Restrict Masquerading to given

destination subnets.

UCI: firewall.<zone label>.masq_dest

Opt: masq_dest

Limits masquerading to the given destination subnets. Negation

is possible by prefixing the subnet with ‘!’. Multiple subnets are

allowed. Multiple IP addresses/subnets should be separated by a

space: Example

option masq_dest ‘1.1.1.1 2.2.2.0/24’

Web: Force connection tracking

UCI: firewall.<zone label>.conntrack

Opt: conntrack

Forces connection tracking for this zone.

Disabled.

If masquerading is used. Otherwise,

default is 0.

Web: Enable logging on this zone

UCI: firewall.<zone label>.log

Opt: log

Creates log rules for rejected and dropped traffic in this zone.

Web: Limit log messages

UCI: firewall.<zone label>.log_limit

Opt: log_limit

Limits the amount of log messages per interval.

Table 83: Information table for zone settings

virtual access GW1000M Series - Page 246