RuggedRouter™ User Guide

The norfc1918 option causes packets arriving on this interface that have a source or destination address reserved in RFC 1918 to be dropped after being optionally logged.

The nobogons option causes packets arriving on this interface that have a source address reserved by the IANA or by other RFCs (other than 1918) to be dropped after being optionally logged.

The routefilter option invokes the kernel's route filtering (anti-spoofing) facility on this interface. The kernel will reject any packets incoming on this interface that have a source address that would be routed outbound through another interface on the firewall.

The proxyarp option causes Shorewall to set Proxy ARP for the interface. Do not set this option if implementing Proxy ARP through entries in /etc/shorewall/proxyarp.

The maclist option causes all connection requests received on this interface to be subject to MAC address verification. May only be specified for Ethernet interfaces.

The nosmurfs option causes incoming connection requests to be checked to ensure that they do not have a broadcast or multicast address as their source. Any such packets will be dropped after being optionally logged according to the setting of SMURF_LOG_LEVEL in /etc/shorewall/shorewall.conf.

The logmartians option causes the martian logging facility to be enabled on this interface. See also the LOG_MARTIANS option in /etc/shorewall/shorewall.conf.
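As an added illustration (not part of the RuggedRouter guide or Shorewall's own code), the following Python model applies the norfc1918, nosmurfs and routefilter descriptions above to sample packets. The interface names, routing table, addresses and the order of the checks are assumptions made for the example; nobogons is left out because the page does not list the reserved ranges.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MULTICAST = ipaddress.ip_network("224.0.0.0/4")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed routing table (assumption): eth0 faces outside and holds the
# default route, eth1 serves an internal documentation subnet.
ROUTES = [(ipaddress.ip_network(n), ifc) for n, ifc in
          (("0.0.0.0/0", "eth0"), ("192.0.2.0/24", "eth1"))]


def route_interface(addr):
    """Interface a packet to addr would leave by (longest-prefix match)."""
    return max((net.prefixlen, ifc) for net, ifc in ROUTES if addr in net)[1]


def verdict(iface, src, dst, options, iface_net=None):
    """Return (action, reason) for a connection request arriving on iface.

    options is the set of option names enabled on iface; iface_net is the
    subnet attached to iface, used to find its broadcast address.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # norfc1918: source OR destination in an RFC 1918 range.
    if "norfc1918" in options and any(
            a in net for a in (src, dst) for net in RFC1918):
        return ("DROP", "norfc1918")
    # nosmurfs: source is a broadcast or multicast address.
    if "nosmurfs" in options:
        broadcasts = {LIMITED_BROADCAST}
        if iface_net:
            broadcasts.add(ipaddress.ip_network(iface_net).broadcast_address)
        if src in broadcasts or src in MULTICAST:
            return ("DROP", "nosmurfs")
    # routefilter: replies to src would leave through a different interface.
    if "routefilter" in options and route_interface(src) != iface:
        return ("DROP", "routefilter")
    return ("PASS", "interface checks passed")


if __name__ == "__main__":
    opts = {"norfc1918", "nosmurfs", "routefilter"}
    for src in ("10.1.2.3", "203.0.113.255", "192.0.2.10", "198.51.100.7"):
        print(src, verdict("eth0", src, "203.0.113.5", opts, "203.0.113.0/24"))
```

A packet that passes these interface checks is still subject to the zone policy and rules; the model covers only the per-interface options.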

Network Zone Hosts

Figure 94: Firewall Zone Hosts

This menu allows you to add, delete and configure interfaces hosting multiple zones. Add a new zone host by selecting the “Add a new zone host” link or by clicking on the add-above or add-below images in the Add field. Reorder the hosts by clicking on the arrows under the Move field.

The Zone field selects a zone that will correspond to a subnet on the interface in question. The Interface field describes that interface and the IP address or network field describes the subnet.

Selecting the IPSEC zone Host Option field identifies that traffic to hosts in this zone is encrypted.

The Save and Delete buttons will allow you to edit or delete the zone host. You may also make changes by manually editing the policy


RuggedCom

RuggedCom RX1000, RX1100 manual Network Zone Hosts, Firewall Zone Hosts