Differences

docs:guide-user:firewall:fw3_configurations:fw3_config_guide [2018/11/17 12:51] – [Use a Consistent Pattern for fw3 Rule Names] Added code boxes jw0914
docs:guide-user:firewall:fw3_configurations:fw3_config_guide [2019/05/31 02:44] – [Names] Added references to firewall config section, and pointed to port definition opensomewrtcan
Line 3: Line 3:
 configuring [[docs:guide-user:firewall:overview|firewall3]]. configuring [[docs:guide-user:firewall:overview|firewall3]].
  
-==== Use a Consistent Pattern for fw3 Rule Names ===== +===== Rules =====
-Depending on the network topology there can be a large number of fw3 rules. +
-For maintenance and debugging it helps to have, and use, a pattern for the +
-''name'' option in the .  This is entirely a admin memory key so use whatever pattern works +
-well for you.+
  
-One possible pattern for rule names is: **target-port-source-dest**, where +==== Names ==== 
-  * targetthe netfilter target +Depending on network topology, there can be a large number of fw3 rules. For maintenance, and debugging, it helps to create a naming scheme to enter in the ''name'' option of the [[docs:guide-user:firewall:firewall_configuration|config sections]]. Use whatever pattern works well for you. 
-  * portthe IP port + 
-  * source: generally the zone, device, or specific station originating the packet +One possible pattern for rule names is: **target-port-source-dest**, where: 
-  * dest: generally the zone, device, or specific station destination of the packet+  * **target** is the netfilter target, 
 +  * **port** is the port number (see [[https://tools.ietf.org/html/rfc793#section-2.7|RFC 793, Section 2.7]]), 
 +  * **source** is the zone, device, or specific station the packet originates from, and... 
 +  * **dest** is the zone, device, or specific station the packet is destined for
  
 Examples: Examples:
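Review bot: the new **port** bullet cites RFC 793 Section 2.7, which defines TCP port numbers only; fw3 rules also carry ports for UDP (''option proto udp''), and the old wording "IP port" had the same imprecision, so phrase it as the transport-layer (TCP or UDP) port, or cite RFC 768 alongside RFC 793. Two smaller fixes in the same list: the **source** bullet ends in "and..." where a plain "and" is enough, and "For maintenance, and debugging, it helps" should lose both commas.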
Line 22: Line 21:
     * This is only necessary if the default rule and WAN zone config rule are set to REJECT or DROP.     * This is only necessary if the default rule and WAN zone config rule are set to REJECT or DROP.
  
-===== Enable and Disable a fw3 Rule =====+==== Enable Disable ====
 The <wrap lo>''enabled''</wrap> option is defined for each functional section and defaulted to //true// To override it add <wrap lo>''option enabled '0'''</wrap> to a particular rule (or toggle the LuCI //Network -> Firewall -> Traffic Rule -> **Enable**// checkbox.) The <wrap lo>''enabled''</wrap> option is defined for each functional section and defaulted to //true// To override it add <wrap lo>''option enabled '0'''</wrap> to a particular rule (or toggle the LuCI //Network -> Firewall -> Traffic Rule -> **Enable**// checkbox.)
  
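Review bot: the new heading "==== Enable Disable ====" drops the connective; "==== Enable and Disable ====" reads as a title and matches the other new headings. The body under it is unchanged but has two issues worth fixing while the section is being touched: "defaulted to //true// To override it" needs a full stop after //true//, and in ''option enabled '0''' followed by the closing quotes the three trailing apostrophes are ambiguous for the wiki parser (the first two after the 0 close the monospace span and leave a stray quote); putting the option in a code box, as the rest of the page now does, avoids the problem.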
Line 42: Line 41:
 </code></WRAP> </code></WRAP>
  
-===== Debugging fw3 and netfilter rules =====+==== Debugging ====
 It is important to test each firewall rule you have added.  If it works, GREAT! It is important to test each firewall rule you have added.  If it works, GREAT!
  
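Review bot: the sentence under the new Debugging heading says it is important to test each rule but never says how to test one, which is where the naming scheme from the Names section should pay off: fw3 writes each rule's ''name'' into the netfilter rule comment, so ''iptables -nvL | grep <name>'' locates the generated rule, and its packet and byte counters show whether traffic actually matches it before the reader moves on to the "tips on debugging the problem" referenced below.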
Line 50: Line 49:
 for tips on debugging the problem. for tips on debugging the problem.
  
-===== Default firewall configuration for a device =====+===== Default Configuration =====
 When the openwrt image is first installed on the target device, it contains a When the openwrt image is first installed on the target device, it contains a
 "safe" ''/etc/config/firewall'' file.  This is a useful file to study and "safe" ''/etc/config/firewall'' file.  This is a useful file to study and
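Review bot: the section calls the initial ''/etc/config/firewall'' "safe" without saying what that means; one clause stating the policy it ships with (what each zone accepts, rejects and forwards by default) would let the reader judge every later change against it. Also "openwrt" should be spelled "OpenWrt", the project's own spelling, and the old heading "Default firewall configuration for a device" was the more searchable title than the bare "Default Configuration".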
Last modified: 2020/07/16 14:47 by vgaetera