Table of Contents
Advertisement
At the end of initial configuration, if the default route for an interface points to a serial point-to-point
interface (synchronous or modem), you will be offered a standard firewall configuration. For the
question "Install standard Internet access firewall on iface?" answer Y to install the suite of predefined IP
filters.
When executing config modify, answer Y to the same question in the previous paragraph, to install the
IP filters. If there are filters already present with reserved names, and you request the standard firewall,
all filters with names that begin with "$" are deleted, before the standard firewall is generated.
List of predefined IP filters
The predefined IP filter statements are:
1
filter add $OUTOK -f outbound -t allow
2
filter add $TCPOK -p tcpestab -t allow
3
filter add $FAKE25 -i iface -p tcpnew -s 25 -t deny
4
filter add $NOLOOP -s 127.0.0.0/8 -t deny
5
filter add $NORCMD -p tcp -d 512-515 -t deny
5a
filter add $NOTN -p tcp -d 23 -t deny
6
filter add $SRVOK -p tcp -d server/32 -t allow
7
filter add $MAIL1 -i iface -p tcp -d 25 -t allow
8
filter add $MAIL2 -i iface -p tcp -s 25 -t allow
9
filter add $FTP1 -i iface -f inbound -p tcp -s 20 -t allow
10
filter add $DNS1 -i iface -p tcp -s 53 -t allow
11
filter add $DNS2 -i iface -p tcp -d 53 -t allow
12
filter add $DNS3 -i iface -p udp -s 53 -t allow
13
filter add $DNS4 -i iface -p udp -d 53 -t allow
14
filter add $RIP1 -i iface -p udp -s 520 -t allow
15
filter add $RIP2 -i iface -p udp -d 520 -t allow
Your customized filters are inserted here.
16
filter add $NOUDP -i iface -p udp -t deny
17
filter add $NOSRV -i iface -p tcpnew -f inbound -t deny
18
filter enable
Filter statements 1–15 are placed before any user-defined filter statements. Items 16–17 are placed
after any user-defined filter statements.
ASYNC ROUTER AR-P, AR-5, AND SYNC ROUTER USER'S MANUAL
77
Advertisement
Chapters
Table of Contents
