Ip- Filtering - Tripp Lite B092-016 Owner's Manual

To override the standard modem initialization string, either use the Management Console
(refer to Chapter 5) or the command line config tool (refer to Dial-In Configuration Chapter
14).
Enabling Boot Messages on the Console

If you are not using a modem on the DB9 console port and instead wish to connect to it
directly via a Null Modem cable, you may want to enable verbose mode, allowing you to see
the standard linux start-up messages. This can be achieved with the following commands:
# /bin/config --set=config.console.debug=on # /bin/config --run=console # reboot
If at some point in the future you chose to connect a modem for dial-in out-of-band access,
the procedure can be reversed with the following commands:
# /bin/config --del=config.console.debug # /bin/config --run=console # reboot

15.4 IP- Filtering

Standard IP-Filter Configuration:
The system uses the iptables utility to provide a stateful firewall of LAN traffic. By default, rules
are automatically inserted to allow access to enabled services, and serial port access via
enabled protocols. The commands which add these rules are contained in configuration files.
/etc/config/ipfilter
This is an executable shell script which is run whenever the LAN interface is brought up and
whenever modifications are made to the iptables configuration as a result of CGI actions or the
config command line tool.
The basic steps performed are as follows:
a) The current iptables configuration is erased.
b) If a customized IP-Filter script exists, it is executed and no other actions are performed.
c) Standard policies are inserted which will drop all traffic not explicitly allowed to and
through the system.
d) Rules are added which explicitly allow network traffic to access enabled services e.g.
HTTP, SNMP etc.
e) Rules are added which explicitly allow traffic network traffic access to serial ports over
enabled protocols e.g. Telnet, SSH and raw TCP.
190