Digi TransPort WR11 User Manual page 789

Configuring security
Set filters in firewall rules
Filter on port numbers
Suppose a Telnet server is running on a machine on IP address 10.1.2.63, and you want to make this
server accessible. Suppose also that a filter is in place to block all packets to 10.1.2.*. To make the
Telnet server available on 10.1.2.63, add the following line before the blocking rule:
pass in break end from any to 10.1.2.63 port=23 flags S!A inspect-state
A packet sent to the Telnet server (port 23) on IP address 10.1.2.63 matches this rule, and further
checking is prevented by the break end option.
Specifying in ensures that only incoming packets match the rule.
Specifying flags S!A ensures that the rule only matches on the initial TCP SYN, and also implies that
the rule should match on TCP packets.
Specifying inspect-state means that if a packet matches the rule, a new stateful entry is created to
allow other packets matching the same TCP socket, in either direction, to pass.
The above example illustrates the = comparison. Other comparison methods supported are:

Symbol    Meaning
!=        not equal
>         greater than
<         less than
<=        less than or equal to
>=        greater than or equal to

You can also specify a port in range or a port out of range with the >< or <> symbols. For
example, to pass all packets to 10.1.2.63 with a destination port in the range 23 to 28, the rule is:
pass break end from any to 10.1.2.63 port 23><28
To simplify port references, some common port numbers are associated with predefined strings,
listed in the table below. For example, if we substitute the number 23 in the example above with
the string telnet, the rule is:
pass break end from any to 10.1.2.63 port=telnet
Other defined port keywords are as follows. The service keywords are predefined based on standard
port numbers. These port numbers may have been defined differently on your system, in which case
you should use the port numbers explicitly, and not the defined names.

Keyword    Standard port number    Service
Ftpdat     20                      File Transfer Protocol data port
Ftpcnt     21                      File Transfer Protocol control port

Digi TransPort® Routers User Guide    Firewall    789
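To make the rule semantics described above concrete, here is an added example (not Digi's code and not the TransPort firewall itself): a small Python evaluator for this rule syntax, which checks rule order, the effect of break end, the port comparison forms, flags S!A and inspect-state. The service keyword values, inclusive bounds for the 23><28 range, last-match-wins when no break end applies, and a default block decision are assumptions not stated on the page.

```python
# Added example, not Digi's own code: a small evaluator for the firewall rule
# syntax on this page (rule order, "break end", port tests, flags S!A, inspect-state).
import re, operator as op
from fnmatch import fnmatch
SERVICES = {"telnet": 23, "ftpdat": 20, "ftpcnt": 21}   # keywords listed on the page
OPS = {"=": op.eq, "!=": op.ne, ">": op.gt, "<": op.lt, "<=": op.le, ">=": op.ge}

def port_matches(expr, port):
    """Port test: <op><number|keyword>, or lo><hi (in range) / lo<>hi (out of range)."""
    m = re.fullmatch(r"(\d+)(><|<>)(\d+)", expr)
    if m:   # inclusive bounds are an assumption; the page only says "range 23 to 28"
        inside = int(m.group(1)) <= port <= int(m.group(3))
        return inside if m.group(2) == "><" else not inside
    sym, val = re.fullmatch(r"(!=|<=|>=|[=<>])(\w+)", expr).groups()
    return OPS[sym](port, int(val) if val.isdigit() else SERVICES[val])

def parse_rule(text):
    tok, i = text.split(), 1
    r = {"action": tok[0], "dir": None, "break": False, "src": "any", "dst": "any",
         "port": None, "syn_only": False, "inspect": False}
    while i < len(tok):
        t = tok[i]
        if t in ("in", "out"): r["dir"] = t
        elif t == "break": r["break"] = True; i += 1       # "break end": stop checking on match
        elif t in ("from", "to"): r["src" if t == "from" else "dst"] = tok[i + 1]; i += 1
        elif t == "port": r["port"] = tok[i + 1]; i += 1   # "port 23><28"
        elif t.startswith("port"): r["port"] = t[4:]       # "port=23", "port=telnet"
        elif t == "flags": r["syn_only"] = tok[i + 1] == "S!A"; i += 1
        elif t == "inspect-state": r["inspect"] = True
        i += 1
    return r

def rule_matches(r, p):
    syn = p["proto"] == "tcp" and "S" in p["flags"] and "A" not in p["flags"]  # flags S!A
    return (r["dir"] in (None, p["dir"]) and (not r["syn_only"] or syn)
            and all(r[s] == "any" or fnmatch(p[s], r[s]) for s in ("src", "dst"))
            and (r["port"] is None or port_matches(r["port"], p["dport"])))

def evaluate(rules, p):
    """Rules are checked in order; the last match decides unless it has 'break end'."""
    decision, new_state = "block", False          # default block is an assumption
    for r in rules:
        if not rule_matches(r, p): continue
        decision, new_state = r["action"], r["inspect"]   # inspect-state: new stateful entry
        if r["break"]: break
    return decision, new_state
def packet(dst, dport, flags="S", proto="tcp"):   # constructed inbound packet
    return {"dir": "in", "src": "192.0.2.10", "dst": dst, "dport": dport, "proto": proto, "flags": flags}
RULES = [parse_rule("pass in break end from any to 10.1.2.63 port=telnet flags S!A inspect-state"),
         parse_rule("block in break end from any to 10.1.2.*")]   # page's order: pass rule first
```

Evaluating RULES[::-1] shows the failure mode the page warns about: with the blocking rule first and its own break end, the Telnet rule is never reached and the SYN is dropped.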
