27: Configuring firewall 
© Virtual Access 2017 
GW1000 Series User Manual 
Issue: 1.9    Page 263 of 350 
        option dest_port        500 
        option target           ACCEPT 
27.7.15 Manual iptables rules 
You can write traditional iptables rules, in the standard iptables Unix command form, in 
an external file and include that file from the firewall config file. Several files can be 
included this way. 
config include 
       option path /etc/firewall.user 
 
config include 
       option path /etc/firewall.vpn 
The syntax inside an included file is standard Linux iptables syntax and therefore differs from UCI syntax. 
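Added example, not part of the manual: a small POSIX sh lint that walks the config include sections shown above, checks that each referenced file exists and holds only iptables commands, and flags -F/-X/-P commands, which would discard or override the rule set generated from UCI. The temporary-directory config and include files are constructed here for the demo.

```shell
#!/bin/sh
# Added example, not from the GW1000 manual: lint the iptables files named by
# "config include" sections of a UCI firewall config. Plain sh, no uci binary.
# Assumption: include files hold one iptables/ip6tables command per line.
# Print the path from every "option path" inside a "config include" section.
list_includes() {
    in_inc=0
    while read -r kw name val _; do
        case "$kw" in
            config) [ "$name" = include ] && in_inc=1 || in_inc=0 ;;
            option) if [ "$in_inc" -eq 1 ] && [ "$name" = path ]; then
                        val=${val#\'}; val=${val%\'}; val=${val#\"}; val=${val%\"}
                        printf '%s\n' "$val"
                    fi ;;
        esac
    done < "$1"
}
# Lint one include file. Returns 1 if it is missing or has a non-iptables line,
# 2 if it flushes, deletes or sets the policy of a chain (-F/-X/-P), which
# would override the rule set generated from UCI; 0 otherwise.
lint_include() {
    [ -f "$1" ] || { echo "MISSING $1"; return 1; }
    status=0
    while read -r line; do
        case "$line" in
            ''|'#'*) continue ;;
            iptables\ *|ip6tables\ *)
                case " $line " in
                    *" -F "*|*" -X "*|*" -P "*) echo "RISKY   $1: $line"; status=2 ;;
                esac ;;
            *) echo "BAD     $1: $line"; [ "$status" -lt 1 ] && status=1 ;;
        esac
    done < "$1"
    return "$status"
}
# Constructed sample: a config with two includes and the two files, in a temp dir.
DEMO=$(mktemp -d)
cat > "$DEMO/firewall" <<EOF
config include
        option path $DEMO/firewall.user
config include
        option path $DEMO/firewall.vpn
EOF
printf '%s\n' '# allow IKE (UDP 500), same intent as the UCI rule above' \
    'iptables -A INPUT -p udp --dport 500 -j ACCEPT' > "$DEMO/firewall.user"
printf '%s\n' 'iptables -P FORWARD ACCEPT' 'echo not iptables' > "$DEMO/firewall.vpn"
for f in $(list_includes "$DEMO/firewall"); do
    lint_include "$f" && echo "OK      $f"
done
```

Run as a script it prints OK for firewall.user and RISKY plus BAD lines for firewall.vpn; the exit status of the last lint is the script's, as a lint would normally behave.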
27.7.16 Firewall management 
After a configuration change, to rebuild firewall rules, enter:  
root@VA_router:/# /etc/init.d/firewall restart 
Executing the following command will flush all rules and set the policies to ACCEPT on all 
standard chains: 
root@VA_router:/# /etc/init.d/firewall stop 
To manually start the firewall, enter: 
root@VA_router:/# /etc/init.d/firewall start 
To permanently disable the firewall, enter: 
root@VA_router:/# /etc/init.d/firewall disable 
Note: disable does not flush the currently loaded rules, so you may need to issue a stop first. 
 
To enable the firewall again, enter: 
root@VA_router:/# /etc/init.d/firewall enable 
27.7.17 Debug generated rule set 
It is possible to observe the iptables commands generated by the firewall programme. 
This is useful to track down iptables errors during firewall restarts or to verify the 
outcome of certain UCI rules. 
To see the rules as they are executed, run the fw command with the FW_TRACE 
environment variable set to 1 (one): 
root@VA_router:/# FW_TRACE=1 fw reload