Differences
This shows you the differences between two versions of the page.
| docs:guide-user:firewall:fw3_configurations:fw3_config_guide [2018/11/17 12:47] – [Enable and Disable a fw3 Rule] Added code box jw0914 | docs:guide-user:firewall:fw3_configurations:fw3_config_guide [2019/05/31 02:44] – [Names] Added references to firewall config section, and pointed to port definition opensomewrtcan | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| configuring [[docs: | configuring [[docs: | ||
| - | ==== Use a Consistent Pattern for fw3 Rule Names ===== | + | ===== Rules ===== |
| - | Depending on the network topology there can be a large number of fw3 rules. | + | |
| - | For maintenance and debugging it helps to have, and use, a pattern for the | + | |
| - | '' | + | |
| - | well for you. | + | |
| - | One possible pattern for rule names is: **target-port-source-dest**, | + | ==== Names ==== |
| - | * target: the netfilter target | + | Depending on network topology, there can be a large number of fw3 rules. For maintenance, |
| - | * port: the IP port | + | |
| - | * source: generally | + | One possible pattern for rule names is: **target-port-source-dest**, |
| - | * dest: generally | + | |
| + | | ||
| + | | ||
| + | | ||
| Examples: | Examples: | ||
| + | <WRAP lo>< | ||
| + | * ACCEPT a SSH request from any device in the WAN zone of the router to any device in the LAN zone. | ||
| + | <WRAP lo>< | ||
| + | * ACCEPT an SSH request from any device in the WAN zone to the router. | ||
| + | * This is only necessary if the default rule and WAN zone config rule are set to REJECT or DROP. | ||
| - | '' | + | ==== Enable |
| - | + | ||
| - | ACCEPT a SSH request from any device in the WAN zone of the router to any | + | |
| - | device in the LAN zone. | + | |
| - | + | ||
| - | '' | + | |
| - | + | ||
| - | ACCEPT an SSH request from any device in the WAN zone to the router. | + | |
| - | only necessary if the default rule and WAN zone config rule are set to REJECT or DROP. | + | |
| - | + | ||
| - | ===== Enable | + | |
| The <wrap lo>'' | The <wrap lo>'' | ||
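Review bot: the first example under "Examples" accepts SSH from any device in the WAN zone to any device in the LAN zone and, unlike the second example, carries no qualifying sub-bullet. Suggest adding one that says when such a rule is appropriate and that it is normally narrowed to a specific source or destination address rather than a whole zone. The same bullet reads "a SSH request" while the next reads "an SSH request"; use "an SSH" in both.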
| Line 47: | Line 41: | ||
| </ | </ | ||
| - | ===== Debugging | + | ==== Debugging ==== |
| It is important to test each firewall rule you have added. | It is important to test each firewall rule you have added. | ||
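Review bot: the Debugging heading drops from level ===== to ====, which nests it under the new "===== Rules =====" section added in the Line 3 hunk alongside Names and Enable. That grouping is reasonable, but DokuWiki derives section anchors from the heading text, so if the wording of this heading changed along with its level, any inbound links to the old anchor need updating in the same revision.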
| Line 55: | Line 49: | ||
| for tips on debugging the problem. | for tips on debugging the problem. | ||
| - | ===== Default | + | ===== Default |
| When the openwrt image is first installed on the target device, it contains a | When the openwrt image is first installed on the target device, it contains a | ||
| " | " | ||