Firewall Scripts - Digi TransPort WR31 User Manual

Configure security settings

Firewall scripts

A firewall is a protection system designed to prevent your local area network from unauthorized
external access by other users of the Internet or another wide area network. It can also limit the
degree of access local users have to external network resources. A firewall does not provide a
complete security solution; it provides only one element of a fully secure system. Consider using
additional security methods, such as user authentication and data encryption. Refer to the IPSec
section for further information.
A firewall is a packet filtering system that allows or prevents the transmission of data (in either
direction) based on a set of rules. These rules allow filtering based on the following criteria:
Source and destination IP addresses
▪
Source and destination IP port or port ranges
▪
Type of protocol in use
▪
Direction of the data (in or out)
▪
Interface type
▪
The eroute the packet is on
▪
Whether an interface is OOS (out of service)
▪
ICMP message type
▪
TCP flags (SYN, ACK, URG, RESET, PUSH, FIN)
▪
TOS field
▪
Status of a link and/or data packets on UDP/TCP and ICMP protocols
▪
Besides providing comprehensive filtering facilities, Digi TransPort routers support rules relating to
the logging of information for audit/debugging purposes. You can log this information to a pseudo-
file on the router called fwlog.txt, the eventlog.txt pseudo-file, or to a syslog server, and you can
also use it to generate SNMP traps.
Digi TransPort WR Routers User Guide
Firewall
689