Firewall scripts
A firewall is a protection system designed to protect your local area network from unauthorized
external access by other users of the Internet or another wide area network. It may also limit the
degree of access local users have to external network resources. A firewall does not provide a
complete security solution; it provides only one element of a fully secure system. Consideration
should also be given to the use of user authentication and data encryption. Refer to the IPSec
section for further information.
In simple terms, a firewall is a packet filtering system that allows or prevents the transmission of
data (in either direction) based on a set of rules. These rules can allow filtering based on the
following criteria:
• Source and destination IP addresses
• Source and destination IP port or port ranges
• Type of protocol in use
• Direction of the data (in or out)
• Interface type
• The eroute the packet is on
• If an interface is OOS (out of service)
• ICMP message type
• TCP flags (SYN, ACK, URG, RESET, PUSH, FIN)
• TOS field
• Status of a link and/or data packets on UDP/TCP and ICMP protocols
In addition to providing comprehensive filtering facilities, Digi TransPort routers also allow you to
specify rules relating to the logging of information for audit/debugging purposes. This
information can be logged to a pseudo-file on the unit called FWLOG.TXT, the EVENTLOG.TXT
pseudo-file or to a syslog server. It can also be used to generate SNMP traps.
Digi TransPort User Guide