Differences
This shows you the differences between two versions of the page.
| docs:guide-user:firewall:fw3_configurations:fw3_config_examples [2021/12/05 10:15] – [Allow HTTP/HTTPS access from Cloudflare] vgaetera | docs:guide-user:firewall:fw3_configurations:fw3_config_examples [2022/10/30 21:06] – [Firewall IPv4 examples] vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== | + | ====== IPv4 firewall |
| - | This section contains a collection of useful [[docs: | + | This section contains a collection of useful [[docs: |
| All of these can be added on the LuCI //Network -> Firewall -> Traffic Rules// page. | All of these can be added on the LuCI //Network -> Firewall -> Traffic Rules// page. | ||
| Line 55: | Line 55: | ||
| It will not match any other src IP address. | It will not match any other src IP address. | ||
| - | :!: When using an IPv4 address set the family to **ipv4**, otherwise | + | :!: When using an IPv4 address set the family to **ipv4**, otherwise |
| ===== Block WAN-side networks and ports ===== | ===== Block WAN-side networks and ports ===== | ||
| Line 136: | Line 136: | ||
| ===== Block access to certain domains based on their names ===== | ===== Block access to certain domains based on their names ===== | ||
| - | An example is give at [[docs: | + | An example is give at [[docs: |
| + | It is also capable to filter DDNS hosts. | ||
| + | It has also the advantage to allow for other subdomains (like www.) by just filtering the root-domain-name (like example.com). | ||
| ===== Block access to the Internet for a specific LAN station between certain times ===== | ===== Block access to the Internet for a specific LAN station between certain times ===== | ||
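Review bot: The added lines under "Block access to certain domains based on their names" need a wording pass. "An example is give at" should read "is given at", and "It is also capable to filter DDNS hosts" reads better as "It can also filter DDNS hosts". "It has also the advantage to allow for other subdomains" is ambiguous in a section about blocking: if the intended meaning is that filtering the root domain name (example.com) also covers its subdomains (www.), say so directly, so readers do not take "allow" to mean those subdomains are let through.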
| Line 179: | Line 181: | ||
| </ | </ | ||
| - | An alternative mechanism to block multiple LAN MACs can be found in | + | An alternative mechanism to block multiple LAN MACs can be found in the LuCI " |
| - | the LuCI | + | Set the filter for "Allow all except listed" |
| - | " | + | In the ''/ |
| - | "Allow all except listed" | + | |
| - | ''/ | + | |
| - | for the interface. | + | |
| ===== IPSec passthrough ===== | ===== IPSec passthrough ===== | ||
| Line 265: | Line 264: | ||
| # let it pass | # let it pass | ||
| </ | </ | ||
| - | |||
| - | This will create a lot of " | ||
| In general remember that forwardings are relying how routing rules are defined, and afterwards which zones are defined on which interfaces. | In general remember that forwardings are relying how routing rules are defined, and afterwards which zones are defined on which interfaces. | ||
| Line 335: | Line 332: | ||
| ===== Allow HTTP/HTTPS access from Cloudflare ===== | ===== Allow HTTP/HTTPS access from Cloudflare ===== | ||
| - | Here is an example that allows HTTP/HTTPS from Cloudflare. | + | Here is an example that allows HTTP/ |
| Use if your webserver is behind the Cloudflare proxy. | Use if your webserver is behind the Cloudflare proxy. | ||
| Line 345: | Line 342: | ||
| " | " | ||
| do uci add_list firewall.cf_proxy.dest_ip=" | do uci add_list firewall.cf_proxy.dest_ip=" | ||
| + | done | ||
| done | done | ||
| / | / | ||
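Review bot: The added `done` sits directly above an existing `done`, but the visible context shows only one `do` (the `uci add_list` line), so please confirm the loop above is nested with a second `do`; otherwise the shell rejects the extra `done` as a syntax error. Separately, the section is titled "Allow HTTP/HTTPS access from Cloudflare", yet the list is built on `firewall.cf_proxy.dest_ip`. If the values being added are Cloudflare's address ranges, they are the source of the traffic, and `src_ip` is the option that restricts who can reach the web server.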