ASYNC ROUTER AR-P, AR-5, AND SYNC ROUTER USER’S MANUAL

At the end of initial configuration, if the default route for an interface points to a serial point-to-point interface (synchronous or modem), you will be offered a standard firewall configuration. For the question “Install standard Internet access firewall on iface?” answer Y to install the suite of predefined IP filters.

When executing config modify, answer Y to the same question to install the IP filters. If filters with reserved names are already present and you request the standard firewall, all filters with names that begin with “$” are deleted before the standard firewall is generated.

List of predefined IP filters

The predefined IP filter statements are:

1. filter add $OUTOK -f outbound -t allow
2. filter add $TCPOK -p tcpestab -t allow
3. filter add $FAKE25 -i iface -p tcpnew -s 25 -t deny
4. filter add $NOLOOP -s 127.0.0.0/8 -t deny
5. filter add $NORCMD -p tcp -d 512-515 -t deny
5a. filter add $NOTN -p tcp -d 23 -t deny
6. filter add $SRVOK -p tcp -d server/32 -t allow
7. filter add $MAIL1 -i iface -p tcp -d 25 -t allow
8. filter add $MAIL2 -i iface -p tcp -s 25 -t allow
9. filter add $FTP1 -i iface -f inbound -p tcp -s 20 -t allow
10. filter add $DNS1 -i iface -p tcp -s 53 -t allow
11. filter add $DNS2 -i iface -p tcp -d 53 -t allow
12. filter add $DNS3 -i iface -p udp -s 53 -t allow
13. filter add $DNS4 -i iface -p udp -d 53 -t allow
14. filter add $RIP1 -i iface -p udp -s 520 -t allow
15. filter add $RIP2 -i iface -p udp -d 520 -t allow

Your customized filters are inserted here.

16. filter add $NOUDP -i iface -p udp -t deny
17. filter add $NOSRV -i iface -p tcpnew -f inbound -t deny
18. filter enable

Filter statements 1–15 are placed before any user-defined filter statements. Items 16–17 are placed after any user-defined filter statements.

Black Box LRA001A-R2, LRS002A-R2, LRA005A-R2 manual List of predefined IP filters