ASYNC ROUTER AR-P, AR-5, AND SYNC ROUTER USER’S MANUAL

Individual entries in the filter list accomplish the following:

1. filter add $OUTOK -f outbound -t allow

No outgoing packets need to be filtered. (Saves processing time.)

2. filter add $TCPOK -p tcpestab -t allow

Packets on established TCP connections do not need to be filtered. (So any mention of TCP beyond this point in the list pertains only to NEW connections.)

3. filter add $FAKE25 -i iface -p tcpnew -s 25 -t deny

Prevents people from sneaking in with a remote client that is pretending to be a remote mail server.

4. filter add $NOLOOP -s 127.0.0.0/8 -t deny

Blocks packets resulting from a misconfigured DNS resolver.

5. filter add $NORCMD -p tcp -d 512-515 -t deny

Do not allow R-series commands across the link.

5a. filter add $NOTN -p tcp -d 23 -t deny

If telnet is not allowed, block it.

6. filter add $SRVOK -p tcp -d server/32 -t allow

Allow connections to the local server host.

7. filter add $MAIL1 -i iface -p tcp -d 25 -t allow

8. filter add $MAIL2 -i iface -p tcp -s 25 -t allow

Allow all of your users to send and receive email.

9. filter add $FTP1 -i iface -f inbound -p tcp -s 20 -t allow

Allow inbound connections to the local FTP client data port.

10. filter add $DNS1 -i iface -p tcp -s 53 -t allow

11. filter add $DNS2 -i iface -p tcp -d 53 -t allow

12. filter add $DNS3 -i iface -p udp -s 53 -t allow

13. filter add $DNS4 -i iface -p udp -d 53 -t allow

Allow local machines full use of DNS.

14. filter add $RIP1 -i iface -p udp -s 520 -t allow

15. filter add $RIP2 -i iface -p udp -d 520 -t allow

Allow RIP packets across the link.

Your customized filters are inserted here.

16. filter add $NOUDP -i iface -p udp -t deny

17. filter add $NOSRV -i iface -p tcpnew -f inbound -t deny

Deny all services not mentioned above, for UDP and TCP.

18. filter enable

Enable all filter statements.
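
The position of each entry in the list matters: entry 3 has to come before the mail entries, and entry 4 before the DNS entries. The Python model below is an added example, not taken from the manual or the router's firmware, that runs constructed packets through a subset of the entries to show which one decides each packet. It assumes the list is evaluated top to bottom with the first matching entry deciding, that tcpestab and tcpnew separate segments on existing connections from connection attempts, and that a numeric -s/-d value is a port while a CIDR value is an address.

```python
import ipaddress
# Subset of the manual's entries, in list order: (name, conditions, action).
# Condition keys are this example's own names, not router syntax; -i iface is omitted.
RULES = [
    ("OUTOK",  {"dir": "outbound"}, "allow"),
    ("TCPOK",  {"proto": "tcp", "new": False}, "allow"),
    ("FAKE25", {"proto": "tcp", "new": True, "sport": (25, 25)}, "deny"),
    ("NOLOOP", {"src_net": "127.0.0.0/8"}, "deny"),
    ("NORCMD", {"proto": "tcp", "dport": (512, 515)}, "deny"),
    ("NOTN",   {"proto": "tcp", "dport": (23, 23)}, "deny"),
    ("MAIL1",  {"proto": "tcp", "dport": (25, 25)}, "allow"),
    ("DNS3",   {"proto": "udp", "sport": (53, 53)}, "allow"),
    ("NOUDP",  {"proto": "udp"}, "deny"),
    ("NOSRV",  {"proto": "tcp", "new": True, "dir": "inbound"}, "deny"),
]

def matches(cond, pkt):
    """True if every condition of one entry holds for the packet."""
    for key, want in cond.items():
        if key == "src_net":
            if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(want):
                return False
        elif key in ("sport", "dport"):
            if not want[0] <= pkt[key] <= want[1]:
                return False
        elif pkt.get(key) != want:
            return False
    return True

def decide(pkt):
    """Return (entry name, action) of the first matching entry (assumed semantics)."""
    for name, cond, action in RULES:
        if matches(cond, pkt):
            return name, action
    return None, "no-match"  # the page does not say what happens here

def pkt(proto, sport, dport, src="203.0.113.9", new=None, direction="inbound"):
    return {"dir": direction, "proto": proto, "src": src,
            "sport": sport, "dport": dport, "new": new}

if __name__ == "__main__":
    samples = [pkt("tcp", 25, 6000, new=True),         # client posing as mail server
               pkt("tcp", 40000, 25, new=True),        # inbound SMTP
               pkt("udp", 53, 1030, src="127.0.0.1"),  # loopback source on DNS port
               pkt("udp", 53, 1030),                   # DNS reply
               pkt("tcp", 40000, 8080, new=True)]      # service not in the list
    for p in samples:
        print(p["proto"], p["sport"], "->", p["dport"], decide(p))
```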
