Appendix A - Firewall
STATEFUL PACKET INSPECTION
Refers to an architecture in which the firewall keeps track of packets
on each connection traversing all its interfaces and makes sure
they are valid. This is in contrast to static packet filtering, which
examines a packet based only on the information in the packet
header.
DENIAL OF SERVICE ATTACK
Is an incident in which a user or organization is deprived of the
services of a resource they would normally expect to have. Various
DoS attacks the device can withstand are ARP Attack, Ping Attack,
Ping of Death, Land, SYN Attack, Smurf Attack, and Tear Drop.
TCP/IP/PORT/INTERFACE FILTER
These rules help in the filtering of traffic at the Network layer (i.e.
Layer 3).
When a Routing interface is created, Enable Firewall must be
checked.
Navigate to Advanced Setup > Security > IP Filtering.
OUTGOING IP FILTER
Helps in setting rules to DROP packets from the LAN interface.
By default, if the Firewall is Enabled, all IP traffic from the LAN is
allowed. By setting up one or more filters, specific packet types
coming from the LAN can be dropped.
Example 1:
Filter Name: Out_Filter1
Protocol: TCP
Source IP address: 192.168.1.45
Source Subnet Mask: 255.255.255.0
Source Port: 80
Dest. IP Address: NA
Dest. Subnet Mask: NA
Dest. Port: NA
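
The following Python sketch is an added example, not code from the device or this manual. It models how the Example 1 filter would be evaluated against outgoing packets. Assumptions: a field set to NA matches anything, the subnet mask is applied to the source address (so the rule covers all of 192.168.1.0/24), and the names OutFilter, matches and outgoing_verdict are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class OutFilter:
    """One outgoing filter row; None models a field left as NA (wildcard)."""
    name: str
    protocol: Optional[str] = None
    src_ip: Optional[str] = None
    src_mask: Optional[str] = None
    src_port: Optional[int] = None
    dst_ip: Optional[str] = None
    dst_mask: Optional[str] = None
    dst_port: Optional[int] = None

def addr_matches(addr, rule_ip, rule_mask):
    if rule_ip is None:
        return True
    # Assumption: the mask selects a network; a missing mask means one host.
    net = ipaddress.ip_network(f"{rule_ip}/{rule_mask or '255.255.255.255'}", strict=False)
    return ipaddress.ip_address(addr) in net

def matches(f, pkt):
    return ((f.protocol is None or f.protocol == pkt["proto"])
            and addr_matches(pkt["src"], f.src_ip, f.src_mask)
            and (f.src_port is None or f.src_port == pkt["sport"])
            and addr_matches(pkt["dst"], f.dst_ip, f.dst_mask)
            and (f.dst_port is None or f.dst_port == pkt["dport"]))

def outgoing_verdict(filters, pkt):
    """LAN traffic is allowed by default; any matching filter drops it."""
    return "DROP" if any(matches(f, pkt) for f in filters) else "ACCEPT"

# Example 1 from the page (destination fields are NA, so they stay None).
EXAMPLE_1 = OutFilter("Out_Filter1", protocol="TCP", src_ip="192.168.1.45",
                      src_mask="255.255.255.0", src_port=80)

def pkt(proto, src, sport, dst="203.0.113.10", dport=40000):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}

# Constructed sample packets leaving the LAN.
SAMPLES = {
    "listed host, TCP source port 80": pkt("TCP", "192.168.1.45", 80),
    "other host in the same /24": pkt("TCP", "192.168.1.77", 80),
    "browsing (dest port 80)": pkt("TCP", "192.168.1.45", 51000, dport=80),
    "UDP from port 80": pkt("UDP", "192.168.1.45", 80),
}

if __name__ == "__main__":
    for label, p in SAMPLES.items():
        print(f"{label:34} {outgoing_verdict([EXAMPLE_1], p)}")
```

Under these assumptions the rule drops TCP traffic sourced from port 80 on any host in 192.168.1.0/24, while ordinary web browsing from the same hosts (destination port 80, ephemeral source port) is still allowed.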