5.5. FIREWALL
5.5.1. Administration
NetModule routers use Linux's netfilter/iptables firewall framework (see
http://www.netfilter.org for more information) which supports stateful inspection,
that is, granting the same permissions for inherited connections within an IP session
(e.g. FTP which builds up a control and data connection).
The administration page can be used to enable and disable firewalling. When turning it
on, a shortcut can be used to generate a predefined set of rules which allow administration
(over HTTP, HTTPS, SSH or TELNET) by default but block any other packets coming
from the WAN interface.
5.5.2. Rules
In general, the firewall consists of a list of rules which control each packet's
permission to pass the router. Please note that the rules are processed in order, that is,
the list is traversed from top to bottom until a matching rule is found. Packets which
do not match any of the configured rules will be ALLOWED.
Description: A meaningful description about the purpose of this rule
Mode: Specifies whether the packets of this rule should be allowed or denied
Source: The source address of matching packets, can be any or specified by an address/network
Destination: The destination address of matching packets, can be any, local (addressed to the system itself) or specified by an address/network
Incoming interface: The interface on which matching packets are received
Protocol: The used IP protocol of matching packets, can be UDP, TCP or ICMP
Destination port(s): The destination port of matching packets, which can be specified by a single port or a range of ports (only UDP/TCP)
The statistics page can be used to figure out if rules have matched any packets and
provides a convenient way to debug your firewall setup.
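The rule processing described in 5.5.2, modelled as an added example (not NetModule's code and not part of the original manual): rules are checked top to bottom, the first match decides, and a packet matching nothing is allowed, so a rule set without a final deny rule lets unlisted WAN traffic through. The interface name WAN, the router address 192.168.1.1 and the sample rules and packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    description: str
    mode: str                  # "allow" or "deny"
    source: str = "any"        # "any" or address/network
    destination: str = "any"   # "any", "local" or address/network
    in_iface: str = "any"
    protocol: str = "any"      # "any", "udp", "tcp" or "icmp"
    dports: tuple = None       # (low, high), UDP/TCP only

LOCAL = "192.168.1.1"          # assumed address of the router itself

def addr_ok(spec, addr):
    if spec == "any":
        return True
    if spec == "local":
        return addr == LOCAL
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def matches(r, p):
    if r.in_iface not in ("any", p["iface"]) or r.protocol not in ("any", p["proto"]):
        return False
    if r.dports and not (p.get("dport") is not None and r.dports[0] <= p["dport"] <= r.dports[1]):
        return False
    return addr_ok(r.source, p["src"]) and addr_ok(r.destination, p["dst"])

def verdict(rules, pkt):
    """Top-to-bottom, first match wins; unmatched packets are ALLOWED."""
    for r in rules:
        if matches(r, pkt):
            return r.mode, r.description
    return "allow", "no rule matched (default)"

def has_catch_all_deny(rules, iface):
    """True if some deny rule matches every packet received on iface."""
    return any(r.mode == "deny" and r.in_iface in ("any", iface)
               and r.source == r.destination == r.protocol == "any"
               and r.dports is None for r in rules)

# Constructed sample rule set and packet
rules = [Rule("SSH admin", "allow", destination="local", in_iface="WAN",
              protocol="tcp", dports=(22, 22))]
probe = {"iface": "WAN", "proto": "udp", "src": "203.0.113.7",
         "dst": "192.168.1.50", "dport": 161}
hardened = rules + [Rule("Drop everything else from WAN", "deny", in_iface="WAN")]
```

With only the allow rule, verdict(rules, probe) returns the default allow; with the final deny rule appended, the same packet is denied while SSH to the router still matches its allow rule first.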
NB1600 User Manual