27: Configuring firewall
_______________________________________________________________________________________________________
_____________________________________________________________________________________________________
© Virtual Access 2017
GW1000 Series User Manual
Issue: 1.9 Page 252 of 350
Web: Destination port
UCI: firewall.<rule label>.dest_port
Opt: dest_port
For DNAT, redirects matched incoming traffic to the given port on
the internal host.
For SNAT, matches traffic directed at the given ports.
Web: Action
UCI: firewall.<rule label>.target
Opt: target
Action to take when rule is matched.
Web: Extra arguments
UCI: firewall.<rule label>.extra
Opt: extra
Passes extra arguments to IP tables. This is useful to specify
additional match options, like -m policy --dir in for IPSec.
Web: n/a
UCI: firewall.<rule label>.reflection
Opt: reflection
Disables NAT reflection for this redirect if set to 0. Applicable to
DNAT targets.
Web: n/a
UCI: firewall.<rule label>.limit
Opt: limit
Sets maximum average matching rate; specified as a number,
with an optional /second, /minute, /hour or /day suffix. Example
3/hour.
Web: n/a
UCI: firewall.<rule label>.limit_burst
Opt: limit_burst
Sets maximum initial number of packets to match. This number
gets recharged by one every time the limit specified above is not
reached, up to this number.
Web: n/a
UCI: firewall.<rule label>.recent
Opt: recent
Sets number of allowed connections within specified time. This
command takes two values e.g. recent=2 120 will allow 2
connections within 120 seconds.
Table 87: Information table for firewall traffic rules
host-precedence-
violation
ttl-zero-during-
reassembly
Table 88: Information table for match ICMP type drop-down menu
To Next Page
Loading...