RUGGEDCOM ROX II
CLI User Guide
To prevent SYN flood attacks on closed ports, set the firewall to block all traffic to closed ports. This prevents
SYN packets from reaching the kernel.
Siemens also recommends setting the listen ports to include IP addresses on separate interfaces. For example,
set the device to listen to an IP address on switch.0001 and fe-cm-1. This will make sure that one port is
accessible if the other is flooded.
Section 5.17.2
Viewing a List of Firewalls
To view a list of firewalls, type:
show running-config security firewall fwconfig
If firewalls have been configured, a table or list similar to the following example appears:
ruggedcom# show running-config security firewall fwconfig
security
 firewall
  fwconfig firewall1
  !
  fwconfig firewall2
  !
 !
!
If no firewalls have been configured, add firewalls as needed. For more information, refer to
Section 5.17.3, "Adding a Firewall".
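The following Python check is an added example, not part of the Siemens guide. It parses captured output of show running-config security firewall fwconfig and reports when no firewall exists or a firewall has no description. The one-space-per-level indentation, the description line in the sample, and the function names parse_fwconfig and audit are assumptions made for illustration.

```python
import re

# Constructed sample: the listing from this section, with one-space-per-level
# indentation and a description line assumed for illustration.
SAMPLE = """\
ruggedcom# show running-config security firewall fwconfig
security
 firewall
  fwconfig firewall1
   description "WAN edge"
  !
  fwconfig firewall2
  !
 !
!
"""

PROMPT = re.compile(r"^\S+#\s")  # echoed CLI prompt line, e.g. "ruggedcom# show ..."

def parse_fwconfig(output):
    """Return {firewall_name: [setting lines]} from the captured show output."""
    firewalls = {}
    stack = []  # (indent, text) for each block that is currently open
    for raw in output.splitlines():
        line = raw.rstrip()
        text = line.strip()
        if not text or PROMPT.match(line) or text == "!":
            continue  # blank lines, prompt echo and block terminators carry no data
        indent = len(line) - len(line.lstrip())
        # A line at the same or shallower indentation closes the deeper blocks.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        parents = [t for _, t in stack]
        words = text.split()
        if words[0] == "fwconfig" and len(words) == 2 and parents == ["security", "firewall"]:
            firewalls[words[1]] = []
        elif len(parents) >= 3 and parents[2].startswith("fwconfig "):
            firewalls[parents[2].split()[1]].append(text)
        stack.append((indent, text))
    return firewalls

def audit(output):
    """List findings: no firewall configured, or firewalls without a description."""
    fws = parse_fwconfig(output)
    if not fws:
        return ["no firewall configured"]
    return [f"{name}: no description set" for name, settings in fws.items()
            if not any(s.startswith("description ") for s in settings)]
```

The parser relies on indentation to recover nesting, so feed it output captured with whitespace preserved.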
Section 5.17.3
Adding a Firewall
To add a new firewall, do the following:
1. Make sure the CLI is in Configuration mode.
2. Add the firewall by typing:
   security firewall fwconfig firewall
   Where:
   • firewall is the name of the firewall
3. Configure the following parameter(s) as required:
   Parameter                      Description
   description { description }    Synopsis: A string
                                  An optional description string.
4. Add interfaces associated with the firewall. For more information about adding interfaces, refer to
   Section 5.17.9.2, "Adding an Interface".
5. Add network zones for the firewall. Make sure a zone with the type firewall exists. For more information
   about adding network zones, refer to Section 5.17.8.2, "Adding a Zone".
Chapter 5
Setup and Configuration