Commonly used interfaces are:

 

eth0

the LAN port

eth1

the WAN/Internet port

pppX

e.g. ppp0 or ppp1 – a PPP session

ipsecX

e.g. ipsec0, an IPSec interface

The firewall rules deny all packets arriving from the WAN port by default. There are a few ports open to deal with traffic such as DHCP, VPN services and similar. Any traffic that does not match the exceptions however is dropped.

There are also some specific rules to detect various attacks (smurf, teardrop, etc.).

When outbound traffic (from LAN to WAN) is blocked by custom rules configured in the GUI, the resultant dropped packets are also logged.

The <prefix> for all these rules is varied according to their type.

Currently used prefixes for traffic arriving:

Default Deny

Packet didn't match any rule – drop it

Invalid

Invalid packet format detected

Smurf

Smurf attack detected

Spoof

Invalid IP address detected

SynFlood

SynFlood attack detected

Custom

Custom rule dropped outbound packet

178

Appendix C – System Log

Page 182
Image 182
SnapGear 2.0.1 user manual Eth0, Eth1, Ppp, Ipsec, Default Deny, Invalid, Smurf, Spoof, SynFlood, Custom