EasyManua.ls Logo

virtual access GW1000M Series - Page 253

virtual access GW1000M Series
350 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
27: Configuring firewall
_______________________________________________________________________________________________________
_____________________________________________________________________________________________________
© Virtual Access 2017
GW1000 Series User Manual
Issue: 1.9 Page 253 of 350
27.2.5 Custom rules
Iptables rules can be defined here. Custom rules are applied after all other rules are
applied. Consult official iptables documentation for exact syntax and details.
Figure 132: The custom rules page
Command
Description
src
Specifies the traffic source zone, must refer to one of the defined zone names.
src_ip
Match incoming traffic from the specified source IP address.
src_mac
Match incoming traffic from the specified mac address.
src_port
Match incoming traffic originating from the given source port or port range on the client host if
tcp or udp is specified as protocol.
proto
Match incoming traffic using the given protocol. Can be one of tcp, udp, tcpudp, udplite, icmp,
esp, ah, sctp, or all or it can be a numeric value, representing one of these protocols or a
different one. A protocol name from /etc/protocols is also allowed. The number 0 is equivalent
to all.
Dest
Specifies the traffic destination zone, must refer to one of the defined zone names. If specified,
the rule applies to forwarded traffic else it is treated as input rule.
dest_ip
Match incoming traffic directed to the specified destination IP address.
dest_port
Match incoming traffic directed at the given destination port or port range on this host if tcp or
udp is specified as protocol.
target
Firewall action (ACCEPT, REJECT, DROP) for matched traffic.
family
Protocol family (ipv4, ipv6 or any) to generate iptables rules for.
limit
Maximum average matching rate; specified as a number, with an optional /second, /minute,
/hour or /day suffix. Example3/hour.
limit_burst
Maximum initial number of packets to match; this number gets recharged by one every time
the limit specified above is not reached, up to this number.
extra
Extra arguments to pass to iptables, this is mainly useful to specify additional match options,
like -m policy --dir in for IPSec.
Table 89: Information table for custom rules commands

Table of Contents

Other manuals for virtual access GW1000M Series

Preview: Installation And Operation Manual
Installation And Operation Manual23 pages