Hosts; Policy - RuggedCom RuggedRouter RX1000 User Manual


RuggedRouter® User Guide

Hosts

Shorewall hosts are used to assign zones to individual hosts or subnets, on an interface
which handles multiple subnets. This allows the firewall to manage traffic being
forwarded back out the interface it arrived on, but destined for another subnet. This is
often useful for VPN setups to handle the VPN traffic separately from the other traffic
on the interface which carries the VPN traffic. An example follows:
Zone      Interface   IP Address or Network
local     eth3        10.0.0.0/8
guests    eth3        192.168.0.0/24

Host entries are defined in the file /etc/shorewall/hosts and are modified from the
Network Hosts menu.

Policy

Shorewall policies are the default actions for connection establishment between
different firewall zones. Each policy is of the form:

Source-zone   Destination-zone   Default-action

You can define a policy from each zone to each other zone. You may also use the
wildcard zone "all" to represent all zones.
The default action describes how to handle the connection request. There are six
types of actions: ACCEPT, DROP, REJECT, QUEUE, CONTINUE and NONE. The
first three are the most widely used and are described here.
When the ACCEPT policy is used, a connection is allowed. When the DROP policy
is used, a request is simply ignored; no notification is made to the requesting client.
When the REJECT policy is used, a request is rejected with a TCP RST or an ICMP
destination-unreachable packet being returned to the client.
An example should illustrate the use of policies.

Source Zone   Destination Zone   Policy
loc           net                ACCEPT
net           all                DROP
all           all                REJECT

The above policies will:
- Allow connection requests only from your local network to the Internet. If
  you wanted to allow requests from a console on the RuggedRouter to the
  Internet you would need to add a policy of ACCEPT from the fw zone to the net zone.
- Drop (ignore) all connection requests from the Internet to your firewall or
  local network, and
- Reject all other connection requests.
Note that a client on the Internet that is probing the RuggedRouter's TCP/UDP ports
will receive no responses and will not be able to detect the presence of the router. A
host in the local network, on the other hand, will fail to connect to the router but will
receive a notification.
Note that the order of policies is important. If the last rule of this example were entered
first then no connections at all would be allowed.
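The following Python script is an added example and is not part of the RuggedCom manual or of Shorewall itself. It models the two mechanisms described above, zone assignment from the hosts table and first-match policy lookup with the "all" wildcard, on constructed copies of the manual's Hosts and Policy examples, and it shows why policy order matters: putting "all all REJECT" first rejects everything, including loc to net. The file layouts (ZONE and interface:network for hosts; SOURCE, DEST, POLICY for policies) follow the usual Shorewall text format, but the "most specific network wins" rule for overlapping host entries and the zone name "fw" for the router itself are this example's assumptions, not something the manual states.

```python
import ipaddress

# Constructed sample modelled on /etc/shorewall/hosts ("ZONE  HOST(S)" columns,
# HOST(S) written as interface:network). Values mirror the manual's Hosts example.
HOSTS_FILE = """\
#ZONE   HOST(S)
local   eth3:10.0.0.0/8
guests  eth3:192.168.0.0/24
"""

# Constructed sample modelled on /etc/shorewall/policy ("SOURCE  DEST  POLICY").
# Values mirror the manual's Policy example; order is significant.
POLICY_FILE = """\
#SOURCE DEST    POLICY
loc     net     ACCEPT
net     all     DROP
all     all     REJECT
"""


def _data_lines(text):
    """Yield non-empty lines with '#' comments stripped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line


def parse_hosts(text):
    """Return a list of (zone, interface, network) from a hosts-style file."""
    entries = []
    for line in _data_lines(text):
        zone, host = line.split()[:2]
        iface, net = host.split(":", 1)
        entries.append((zone, iface, ipaddress.ip_network(net, strict=False)))
    return entries


def parse_policy(text):
    """Return an ordered list of (source_zone, dest_zone, action) from a policy-style file."""
    policies = []
    for line in _data_lines(text):
        src, dst, action = line.split()[:3]
        policies.append((src, dst, action.upper()))
    return policies


def zone_for(entries, iface, addr):
    """Assign a zone to the host 'addr' seen on interface 'iface'.

    Assumption for this example: if several host entries on the same interface
    contain the address, the most specific network wins. Returns None when no
    entry matches (the host is not covered by the hosts table).
    """
    ip = ipaddress.ip_address(addr)
    best = None
    for zone, z_iface, net in entries:
        if z_iface == iface and ip in net:
            if best is None or net.prefixlen > best[1].prefixlen:
                best = (zone, net)
    return best[0] if best else None


def default_action(policies, src_zone, dst_zone):
    """Return the action of the first policy matching (src_zone, dst_zone).

    'all' matches any zone in either column, so a leading 'all all' line
    shadows every policy written after it.
    """
    for src, dst, action in policies:
        if src in ("all", src_zone) and dst in ("all", dst_zone):
            return action
    return None  # no policy covers this zone pair


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    policies = parse_policy(POLICY_FILE)
    for iface, ip in [("eth3", "10.1.2.3"), ("eth3", "192.168.0.7"), ("eth2", "10.1.2.3")]:
        print(f"{ip} on {iface} -> zone {zone_for(hosts, iface, ip)}")
    # "fw" stands for the router itself, as in the manual's fw-to-net remark.
    for pair in [("loc", "net"), ("net", "loc"), ("loc", "fw"), ("fw", "net")]:
        print(f"{pair[0]} -> {pair[1]}: {default_action(policies, *pair)}")
    # Demonstrate the ordering pitfall: the catch-all REJECT entered first.
    print("reordered loc -> net:", default_action(list(reversed(policies)), "loc", "net"))
```

Running the script shows that console-originated traffic (fw to net) falls through to the final REJECT, which is exactly why the manual says an explicit fw-to-net ACCEPT policy is needed, and that reversing the three policies turns loc-to-net into REJECT.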
