VMG1312-B10A: Firewall: Difference between revisions
m Mention that it's worth checking that a rule has been set
m Explain about firewall rules not being invoked correctly
Line 9: | Line 9: | ||
Having added a rule via the Web interface, it is worth checking with ''iptables'' or ''ip6tables'' that it has been successful - rules don't always get set correctly and/or may not survive a power cycle. |
Having added a rule via the Web interface, it is worth checking with ''iptables'' or ''ip6tables'' that it has been successful - rules don't always get set correctly and/or may not survive a power cycle. |
||
For example, adding a firewall rule on the Web interface to allow IPv4 UDP traffic from anywhere to port 1194 on my Raspberry Pi (inbound openvpn traffic) with a name of ''OpenVPN'', it added an iptables rule: |
|||
Chain OpenVPN (0 references) |
|||
pkts bytes target prot opt in out source destination |
|||
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194 |
|||
but failed to add a rule in the ACL_FORWARD table to actually invoke that new chain. I had to add |
|||
it manually: |
|||
Chain ACL_FORWARD (1 references) |
|||
pkts bytes target prot opt in out source destination |
|||
0 0 VoIP4A udp -- * * 81.187.30.110/31 0.0.0.0/0 udp |
|||
3010 1045K VoIP4B udp -- * * 81.187.30.112/29 0.0.0.0/0 udp |
|||
0 0 VoIP4C udp -- * * 90.155.3.0/24 0.0.0.0/0 udp |
|||
0 0 VoIP4D udp -- * * 90.155.103.0/24 0.0.0.0/0 udp |
|||
0 0 OpenVPN udp -- * * 0.0.0.0/0 81.187.xx.xx udp |
|||
The 4 VoIP rules have always needed to be added manually after a power cycle, I guess the OpenVPN rule will have to be too. |
|||
IPv6 rules seem to be added properly and survive power cycles. |
|||
[[Category:ZyXEL VMG1312-B10A|Firewall]] |
[[Category:ZyXEL VMG1312-B10A|Firewall]] |
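Review bot: the added sentence "but failed to add a rule in the ACL_FORWARD table" calls ACL_FORWARD a table, but the listing directly below it is headed "Chain ACL_FORWARD", so "chain" is the accurate word. The paragraph also says the jump rule had to be added manually without giving the command that was used; including it would let readers repeat the fix after a power cycle. It would help to state that the "(0 references)" in the "Chain OpenVPN" header is the visible sign that nothing jumps to the new chain, since that is what a reader checking their own ''iptables'' output needs to look for. Finally, the OpenVPN chain matches "udp dpt:1194" while the jump rule in ACL_FORWARD is shown only as "udp" to 81.187.xx.xx; if that row is truncated, say so, otherwise note that the port match happens only inside the OpenVPN chain.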