27: Configuring firewall
© Virtual Access 2017
GW1000 Series User Manual
Issue: 1.9 Page 251 of 350
Web Field/UCI/Package Option
Web: Rule is enabled
UCI: firewall.<rule label>.enabled
Opt: enabled
Enables or disables traffic rule.
Web: Name
UCI: firewall.<rule label>.name
Opt: name
Select a descriptive name limited to less than 11 characters.
Web: Restrict to address family
UCI: firewall.<rule label>.family
Opt: family
Restrict to protocol family.
'any'. This applies the rule to both IPv4 and IPv6
This applies the rule to IPv4 only
This applies the rule to IPv6 only
Web: Protocol
UCI: firewall.<rule label>.proto
Opt: proto
Matches incoming traffic using the given protocol.
Applies the rule to all protocols
Applies rule to TCP and UDP only
Applies rule to ICMP only
Specify protocol from /etc/protocols
Web: Match ICMP type
UCI: firewall.<rule label>.icmp_type
Opt: icmp_type
Matches specific ICMP types.
This option is only valid when ICMP is selected as the protocol.
ICMP types can be listed as either type names or type numbers.
Note: for a full list of valid ICMP type names, see the ICMP Options table below.
Web: Source zone
UCI: firewall.<rule label>.src
Opt: src
Specifies the traffic source zone. Must refer to one of the
defined zone names. For typical port forwards, this is usually WAN.
Web: Source MAC address
UCI: firewall.<rule label>.src_mac
Opt: src_mac
Matches incoming traffic from the specified MAC address.
The MAC address must be entered in the following format:
aa:bb:cc:dd:ee:ff
To match only the first portion of the MAC address, append
/prefix to the option value, where prefix defines the number of bits
from the start of the MAC to match on.
Example:
option src_mac 00:E0:C8:12:34:56/24
will match on all packets with prefix 00:E0:C8.
Web: Source address
UCI: firewall.<rule label>.src_ip
Opt: src_ip
Matches incoming traffic from the specified source IP address.
Web: Source port
UCI: firewall.<rule label>.src_port
Opt: src_port
Matches incoming traffic originating from the given source port
or port range on the client host.
Web: Destination zone
UCI: firewall.<rule label>.dest
Opt: dest
Specifies the traffic destination zone. Must refer to one of the
defined zone names.
Web: Destination address
UCI: firewall.<rule label>.dest_ip
Opt: dest_ip
For DNAT, redirects matched incoming traffic to the specified
internal host.
For SNAT, matches traffic directed at the given address.
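The constraints stated in the rows above (name under 11 characters, icmp_type only with ICMP, the src_mac format and its /prefix match) written as a small rule checker. This is an added example, not code from the manual or the vendor; the function names, the sample rule and the literal proto values icmp and tcp are assumptions.

```python
import re

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})(?:/(\d{1,2}))?$")

def parse_src_mac(value):
    """Split 'aa:bb:cc:dd:ee:ff[/prefix]' into (48-bit int, prefix length)."""
    m = MAC_RE.match(value)
    if not m:
        raise ValueError(f"expected aa:bb:cc:dd:ee:ff[/prefix], got {value!r}")
    prefix = int(m.group(2)) if m.group(2) else 48  # no /prefix: match all 48 bits
    if prefix > 48:
        raise ValueError(f"prefix {prefix} exceeds the 48 bits of a MAC address")
    return int(m.group(1).replace(":", ""), 16), prefix

def mac_matches(src_mac, packet_mac):
    """True if packet_mac agrees with src_mac on the first `prefix` bits."""
    want, prefix = parse_src_mac(src_mac)
    got, _ = parse_src_mac(packet_mac)
    mask = ((1 << prefix) - 1) << (48 - prefix)
    return (want & mask) == (got & mask)

def parse_rule(text):
    """Read the 'option <key> <value>' lines of one rule into a dict."""
    rule = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) == 3 and parts[0] == "option":
            rule[parts[1]] = parts[2].strip("'\"")
    return rule

def lint_rule(rule):
    """Return findings for the constraints stated in the option table."""
    findings = []
    if len(rule.get("name", "")) >= 11:
        findings.append("name: must be less than 11 characters")
    # Assumption: ICMP is selected with the literal value 'icmp'.
    if "icmp_type" in rule and rule.get("proto") != "icmp":
        findings.append("icmp_type: only valid when ICMP is the protocol")
    if "src_mac" in rule:
        try:
            parse_src_mac(rule["src_mac"])
        except ValueError as exc:
            findings.append(f"src_mac: {exc}")
    return findings

# Constructed sample rule (not from the manual), in package-option syntax.
SAMPLE = """
    option name 'allow-vendor-ping'
    option proto tcp
    option icmp_type echo-request
    option src_mac 00:E0:C8:12:34:56/24
"""
```

Running `lint_rule(parse_rule(SAMPLE))` flags the over-long name and the icmp_type set on a non-ICMP rule, while the /24 src_mac passes and matches any address beginning 00:E0:C8.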