Differences
This shows you the differences between two versions of the page.
| docs:guide-user:firewall:fw3_configurations:fw3_config_guide [2018/09/16 12:49] – ↷ Links adapted because of a move operation bobafetthotmail | docs:guide-user:firewall:fw3_configurations:fw3_config_guide [2019/05/31 02:44] – [Names] Added references to firewall config section, and pointed to port definition opensomewrtcan | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| configuring [[docs: | configuring [[docs: | ||
| - | ==== Use a Consistent Pattern for fw3 Rule Names ===== | + | ===== Rules ===== |
| - | Depending on the network topology there can be a large number of fw3 rules. | + | |
| - | For maintenance and debugging it helps to have, and use, a pattern for the | + | |
| - | '' | + | |
| - | well for you. | + | |
| - | One possible pattern for rule names is: **target-port-source-dest**, | + | ==== Names ==== |
| - | * target: the netfilter target | + | Depending on network topology, there can be a large number of fw3 rules. For maintenance, |
| - | * port: the IP port | + | |
| - | * source: generally | + | One possible pattern for rule names is: **target-port-source-dest**, |
| - | * dest: generally | + | |
| + | | ||
| + | | ||
| + | | ||
| Examples: | Examples: | ||
| + | <WRAP lo>< | ||
| + | * ACCEPT a SSH request from any device in the WAN zone of the router to any device in the LAN zone. | ||
| + | <WRAP lo>< | ||
| + | * ACCEPT an SSH request from any device in the WAN zone to the router. | ||
| + | * This is only necessary if the default rule and WAN zone config rule are set to REJECT or DROP. | ||
| - | '' | + | ==== Enable |
| - | + | The <wrap lo>'' | |
| - | ACCEPT a SSH request from any device in the WAN zone of the router to any | + | |
| - | device in the LAN zone. | + | |
| - | + | ||
| - | '' | + | |
| - | + | ||
| - | ACCEPT an SSH request from any device in the WAN zone to the router. | + | |
| - | only necessary if the default rule and WAN zone config rule are set to REJECT or DROP. | + | |
| - | + | ||
| - | ===== Enable | + | |
| - | The '' | + | |
| This is very useful when adding a rule and quickly enabling/ | This is very useful when adding a rule and quickly enabling/ | ||
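Review bot: the first added bullet under Examples describes accepting SSH from any device in the WAN zone to any device in the LAN zone with no qualifier, while only the second bullet carries a note on when the rule is needed; add a line stating that the first example illustrates the target-port-source-dest naming pattern and is not a recommended rule. In the same bullet, "ACCEPT a SSH request" should read "ACCEPT an SSH request" to match the bullet that follows it.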
| Line 35: | Line 29: | ||
| [[docs: | [[docs: | ||
| - | '' | + | <WRAP lo>< |
| config rule | config rule | ||
| - | | + | |
| - | option dest ' | + | option |
| - | option proto ' | + | option |
| - | option dest_port ' | + | option |
| - | option src_ip ' | + | option |
| - | option target ' | + | option |
| - | option name ' | + | option |
| - | option enabled ' | + | option |
| - | '' | + | </ |
| - | ===== Debugging | + | ==== Debugging ==== |
| It is important to test each firewall rule you have added. | It is important to test each firewall rule you have added. | ||
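Review bot: the config rule example on the removed side sets option src_ip next to option name, but the target-port-source-dest pattern from the Names section has no component for a source address. If the rewritten example still filters on src_ip, say under Names how that restriction should show up in the rule name, so the example and the pattern agree.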
| Line 55: | Line 49: | ||
| for tips on debugging the problem. | for tips on debugging the problem. | ||
| - | ===== Default | + | ===== Default |
| When the openwrt image is first installed on the target device, it contains a | When the openwrt image is first installed on the target device, it contains a | ||
| " | " | ||
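Review bot: the context line directly below the changed "Default" heading spells the project name "openwrt"; since this revision already edits the heading, correct it to "OpenWrt" in the same change.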