elmeg T444 User Manual page 30

Con fi gu re fi re wall fil ters Fil ter Wi zard
Protecting the system
This fil ter blocks the fi re wall against con nec ti on se tups at pri vi le ged ports (0 ... 1023) for TCP and UDP. Most re le -
vant da ta ser vi ces are of fe red via pri vi le ged ports (estab lis hing na mes, fi le transfer, etc.).
IP Spoofing Blocking
This fil ter blocks the fi re wall against "fa ke" (spoof) pa ckets on the "wrong si de" of the fi re wall. As a re sult, da ta pa -
ckets which would cer tain ly be long in the LAN ba sed on their IP ad dress, but would be rou ted to the port for the DSL
mo dem by an at ta cker from the In ter net, are igno red (sa me ap plies to ISDN links to the Internet).
DNS-filter
This fil ter per mits estab lis hing of na mes (as signment of IP-ad dres ses to URLs) by en ab ling out going UPD and TCP
pa ckets at port 53, as well as in co ming ones from port 53. Lon ger re plies and zo ne trans fers are al so per mit ted by en -
ab ling TCP. No DNS que ries can pass through the fi re wall when this filter is de-activated!
Active FTP - Filter
To get her with the cor re spon ding soft wa re mo du le in the fi re wall this fil ter per mits ac ti ve FTP. Ac ti ve FTP dif fers
from pas si ve FTP in that the FTP ser ver sets up a con nec ti on for da ta trans fer at the re quest of the clients (ap plies
both to the re spon se to the FTP com mand "ls" and to the fi le trans fer pro per). The pro blem he re is that the con nec ti -
on se tup by the FTP ser ver is ma de at any non-pri vi le ged port, thus re qui ring that a large region of the firewall be
enabled.
Out going con nec tions at ports 20 and 21 and in co ming ones from the se ports to non-pri vi le ged ports are en ab led.
Passive FTP - Filter
This fil ter per mits fi le trans fer via FTP, with the con nec ti on al ways being estab lis hed by the FTP client. Out going
con nec tions to port 21 and in co ming ones from this port to non-pri vi le ged ports are enabled.
HTTP - Filter
This fil ter per mits Web browsing by en ab ling pa ckets to ports 80 and 8080 (when using http pro xies) for out going
con nec tions and in co ming pa ckets from the se ports to non-pri vi le ged ports.
HTTPS - Filter
This fil ter per mits se cu re Web sur fing by en ab ling pa ckets to port 443 for out going con nec tions and in co ming pa -
ckets from this port to non-pri vi le ged ports. The https pro to col is fre quent ly used for ho me ban king and on li ne shop -
ping; http con nec tions are used for trans fer of se cu re packets using encryption.
HBCI - Filter
This fil ter per mits the use of HBCI for ho me ban king by en ab ling pa ckets to port 3000 for out going con nec tions and
in co ming ones from this port to non-pri vi le ged ports.
E-mail send filter
This fil ter per mits trans mis si on of e-mails via SMTP (= sen ding e-mails) by en ab ling pa ckets to port 25 for out going
con nec tions and in co ming pa ckets from this port to non-pri vi le ged ports.
E-mail reception - Filter
This fil ter per mits trans mis si on of e-mails via POP (= re cei ving e-mails) by en ab ling pa ckets to port 110 for out going
con nec tions and in co ming pa ckets from this port to non-pri vi le ged ports.
26