
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

VMG1312-B10A: Firewall: Difference between revisions

m (Mention that it's worth checking that a rule has been set)
m (Explain about firewall rules not being invoked correctly)
 
 
Having added a rule via the Web interface, it is worth checking with ''iptables'' or ''ip6tables'' that it has actually been applied: rules don't always get set correctly and/or may not survive a power cycle.
For example, when I added a firewall rule on the Web interface to allow IPv4 UDP traffic from anywhere to port 1194 on my Raspberry Pi (inbound OpenVPN traffic) with a name of ''OpenVPN'', it added an iptables rule:
 
 Chain OpenVPN (0 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194
 
but failed to add a rule in the ACL_FORWARD table to actually invoke that new chain. I had to add it manually:
 
 Chain ACL_FORWARD (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 VoIP4A     udp  --  *      *       81.187.30.110/31     0.0.0.0/0            udp
  3010 1045K VoIP4B     udp  --  *      *       81.187.30.112/29     0.0.0.0/0            udp
     0     0 VoIP4C     udp  --  *      *       90.155.3.0/24        0.0.0.0/0            udp
     0     0 VoIP4D     udp  --  *      *       90.155.103.0/24      0.0.0.0/0            udp
     0     0 OpenVPN    udp  --  *      *       0.0.0.0/0            81.187.xx.xx         udp
 
The 4 VoIP rules have always needed to be added manually after a power cycle; I guess the OpenVPN rule will have to be too.
 
IPv6 rules seem to be added properly and survive power cycles.
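
The check described above can be scripted. This is an added example, not part of the original page or the router's firmware: it reads ''iptables -L -n -v'' style output and reports chains that exist but are never invoked. The function names, the sample listing and its FORWARD chain and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: both functions read `iptables -L -n -v` output on stdin.

# Print every user-defined chain that no rule jumps to.
# Built-in chains show "(policy ...)" instead of a reference count, so they never match.
unreferenced_chains() {
    awk '$1 == "Chain" && $3 == "(0" && $4 == "references)" { print $2 }'
}

# Succeed if chain $1 contains a rule whose target is chain $2.
# With -v the target is the third column (pkts, bytes, target, ...).
chain_invoked_from() {
    awk -v parent="$1" -v target="$2" '
        $1 == "Chain" { in_parent = ($2 == parent); next }
        in_parent && $3 == target { found = 1 }
        END { exit !found }'
}

# Constructed sample modelled on the listings on this page: the OpenVPN chain
# exists, but ACL_FORWARD has no rule that jumps to it. The FORWARD chain and
# the 192.0.2.0/29 source are assumptions made up for this sample.
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 3010 1045K ACL_FORWARD all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ACL_FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
 3010 1045K VoIP4B     udp  --  *      *       192.0.2.0/29         0.0.0.0/0

Chain OpenVPN (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194

Chain VoIP4B (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

for chain in $(sample_listing | unreferenced_chains); do
    echo "WARNING: chain $chain exists but is never invoked"
done
# On the router itself: iptables -L -n -v | unreferenced_chains
```

Running the same check after every power cycle shows which manually added jump rules have been lost.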
 
[[Category:ZyXEL VMG1312-B10A|Firewall]]