Commonly used interfaces are:
eth0 | the LAN port |
eth1 | the WAN/Internet port |
pppX | e.g. ppp0 or ppp1 – a PPP session |
ipsecX | e.g. ipsec0, an IPSec interface |
The firewall rules deny all packets arriving from the WAN port by default. A few ports are open to handle traffic such as DHCP, VPN services and similar. Any traffic that does not match these exceptions, however, is dropped.
There are also some specific rules to detect various attacks (smurf, teardrop, etc.).
When outbound traffic (from LAN to WAN) is blocked by custom rules configured in the GUI, the resultant dropped packets are also logged.
The <prefix> for each of these rules varies according to the rule's type.
Currently used prefixes for traffic arriving:
Default Deny | Packet didn't match any rule – drop it |
Invalid | Invalid packet format detected |
Smurf | Smurf attack detected |
Spoof | Invalid IP address detected |
SynFlood | SynFlood attack detected |
Custom | Custom rule dropped outbound packet |
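As an added example (not part of the original manual or the product's own tooling), the following Python script triages dropped-packet log lines by the prefixes and interfaces listed above. It assumes each prefix is followed by a colon and netfilter-style `IN=`/`OUT=`/`SRC=`/`DST=`/`PROTO=`/`DPT=` fields; the sample lines are constructed, and the `ATTACK` grouping is a choice made for this example.

```python
import re
from collections import Counter

# Prefixes exactly as listed in the table above.
PREFIXES = ["Default Deny", "Invalid", "Smurf", "Spoof", "SynFlood", "Custom"]
ATTACK = {"Smurf", "Spoof", "SynFlood"}  # grouping chosen for this example

# Assumption: the prefix is followed by netfilter-style KEY=value fields.
LINE_RE = re.compile(
    r"\b(?P<prefix>" + "|".join(map(re.escape, PREFIXES)) + r")\b.*?"
    r"\bIN=(?P<inif>\S*) OUT=(?P<outif>\S*)"
)
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def parse(line):
    """Return a dict for a dropped-packet line, or None if it has no known prefix."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"prefix": m["prefix"], "in": m["inif"], "out": m["outif"]}
    rec.update({k.lower(): v for k, v in FIELD_RE.findall(line)})
    return rec

def summarize(lines):
    """Count drops per (prefix, inbound interface); count sources for attack prefixes."""
    by_rule, attack_src = Counter(), Counter()
    for rec in filter(None, map(parse, lines)):
        by_rule[(rec["prefix"], rec["in"])] += 1
        if rec["prefix"] in ATTACK:
            attack_src[rec.get("src", "?")] += 1
    return by_rule, attack_src

# Constructed sample lines using documentation addresses; not captured from a device.
SAMPLE = [
    "Mar 27 09:31:19 klogd: Default Deny: IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40112 DPT=23",
    "Mar 27 09:31:20 klogd: Default Deny: IN=eth1 OUT= SRC=203.0.113.8 DST=198.51.100.2 PROTO=TCP SPT=40113 DPT=445",
    "Mar 27 09:31:21 klogd: SynFlood: IN=eth1 OUT= SRC=203.0.113.50 DST=198.51.100.2 PROTO=TCP SPT=1025 DPT=80",
    "Mar 27 09:31:21 klogd: SynFlood: IN=eth1 OUT= SRC=203.0.113.50 DST=198.51.100.2 PROTO=TCP SPT=1026 DPT=80",
    "Mar 27 09:31:25 klogd: Spoof: IN=eth1 OUT= SRC=192.168.0.9 DST=198.51.100.2 PROTO=UDP SPT=53 DPT=53",
    "Mar 27 09:31:30 klogd: Custom: IN=eth0 OUT=eth1 SRC=192.168.0.5 DST=203.0.113.9 PROTO=TCP SPT=51000 DPT=6667",
    "Mar 27 09:32:00 pppd: LCP terminated by peer",
]

if __name__ == "__main__":
    by_rule, attack_src = summarize(SAMPLE)
    for (prefix, inif), n in by_rule.most_common():
        print(f"{n:3d}  {prefix:<12} in={inif}")
    for src, n in attack_src.most_common():
        print(f"attack-class drops from {src}: {n}")
```

A `Custom` line with `IN=eth0 OUT=eth1` is a LAN host whose outbound traffic hit a GUI-configured block rule, so it is worth reviewing separately from WAN-side `Default Deny` noise.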
Appendix C – System Log