RUGGEDCOM ROX II
User Guide
If required, reboot the router to flush all existing connection streams.
ROX II employs a stateful firewall system known as netfilter, a subsystem of the Linux kernel that provides the
ability to examine IP packets on a per-session basis.
For more information about firewalls, refer to Section 5.17.1, "Firewall Concepts".
The following sections describe how to configure and manage a firewall:
• Section 5.17.2, "Viewing a List of Firewalls"
• Section 5.17.3, "Adding a Firewall"
• Section 5.17.4, "Deleting a Firewall"
• Section 5.17.5, "Working with Multiple Firewall Configurations"
• Section 5.17.9, "Managing Interfaces"
• Section 5.17.8, "Managing Zones"
• Section 5.17.11, "Managing Policies"
• Section 5.17.12, "Managing Network Address Translation Settings"
• Section 5.17.13, "Managing Masquerade and SNAT Settings"
• Section 5.17.10, "Managing Hosts"
• Section 5.17.14, "Managing Rules"
• Section 5.17.6, "Configuring the Firewall for a VPN"
• Section 5.17.7, "Configuring the Firewall for a VPN in a DMZ"
• Section 5.17.15, "Validating a Firewall Configuration"
• Section 5.17.16, "Enabling/Disabling a Firewall"
Section 5.17.1
Firewall Concepts
The following sections describe some of the concepts important to the implementation of firewalls in ROX II:
• Section 5.17.1.1, "Stateless vs. Stateful Firewalls"
• Section 5.17.1.2, "Linux netfilter"
• Section 5.17.1.3, "Network Address Translation"
• Section 5.17.1.4, "Port Forwarding"
• Section 5.17.1.5, "Protecting Against a SYN Flood Attack"
Section 5.17.1.1
Stateless vs. Stateful Firewalls
There are two types of firewalls: stateless and stateful.
Stateless or static firewalls make decisions about traffic without regard to traffic history. They simply open a path
for the traffic type based on a TCP or UDP port number. Stateless firewalls are relatively simple, easily handling
web and e-mail traffic. However, stateless firewalls have some disadvantages. All paths opened in the firewall are