Configure security settings
Firewall Script syntax
A firewall must be individually configured to match the needs of authorized users and their
applications. On Digi routers, the rules governing firewall behavior are defined in a script file called
FW.TXT. Each line in this file consists of a label definition, a comment or a filter rule.
Labels
A label definition is a string of up to 12 characters followed by a colon. Labels can only include
letters, digits and the underscore character. Use labels with the break option to cause the
processing of the script to jump to a new location.
Comments
Any line starting with the hash character (#) is considered a comment and is ignored.
Filter rules
The syntax for a filter rule is:
[action] [in-out] [options] [tos] [proto] [dnslist] [ip-range] [inspect-state]
▪ When the firewall is active, the script is processed one line at a time as each packet is received or transmitted.
▪ Even when a packet matches a filter-rule, processing still continues and all the other filter rules are checked until the end of the script is reached.
▪ The action taken on a particular packet is that specified by the last matching rule.
▪ With the break option, the script processing can be redirected to a new location or to the end of the script if required.
▪ The default action that the firewall assigns to a packet is to block. This means if the packet does not match any of the rules, it is blocked.
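The processing order above (last matching rule wins, break redirects processing, block by default) is modelled in the following added example, which is not part of the original guide and is not Digi's parser. The Rule and Label types, the END sentinel, the action name "pass", the match predicates and the refusal of backward jumps are all assumptions of this model; the scripts and packets are constructed.

```python
from typing import Callable, NamedTuple, Optional

END = "end"  # model-only sentinel: break to the end of the script

class Label(NamedTuple):
    name: str

class Rule(NamedTuple):
    action: str                       # "pass" or "block" (names assumed for this model)
    match: Callable[[dict], bool]     # stands in for the rule's match fields
    brk: Optional[str] = None         # label name, END, or None for no break

def evaluate(script, packet):
    """Return the action of the last matching rule; the default is block."""
    labels = {s.name: i for i, s in enumerate(script) if isinstance(s, Label)}
    verdict, i = "block", 0
    while i < len(script):
        item, here = script[i], i
        i += 1
        if isinstance(item, Label) or not item.match(packet):
            continue
        verdict = item.action         # a later match overwrites an earlier one
        if item.brk == END:
            break
        if item.brk is not None:
            i = labels[item.brk]
            if i <= here:             # model safeguard: refuse backward jumps
                raise ValueError("backward break would loop")
    return verdict

is_telnet = lambda p: p["dport"] == 23
from_lan = lambda p: p["src"].startswith("10.")

# Constructed scripts: same two rules, with and without a break on the block rule.
WEAK = [Rule("block", is_telnet), Rule("pass", from_lan)]
HARDENED = [Rule("block", is_telnet, END), Rule("pass", from_lan)]
# Constructed script with a label: the admin host skips the telnet block.
JUMP = [Rule("pass", lambda p: p["src"] == "10.0.0.5", "done"),
        Rule("block", is_telnet), Label("done")]

LAN_TELNET = {"src": "10.0.0.9", "dport": 23}      # constructed packets
ADMIN_TELNET = {"src": "10.0.0.5", "dport": 23}
OUTSIDE_WEB = {"src": "198.51.100.7", "dport": 80}

if __name__ == "__main__":
    for name, script in (("weak", WEAK), ("hardened", HARDENED), ("jump", JUMP)):
        print(name, [evaluate(script, p) for p in (LAN_TELNET, ADMIN_TELNET, OUTSIDE_WEB)])
```

In the WEAK script the block rule for telnet is overridden by the later pass rule, which is the mistake a first-match reading of the script produces; the HARDENED script keeps the block by breaking to the end.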
Digi TransPort WR Routers User Guide