ISDN Router Manual V.1.1
udp    Matches UDP packets
The address specifies:
from <address/mask>[port] to <address/mask>[port] [via <interface>]
You can only specify a port in conjunction with protocols that support ports
(UDP and TCP).
The via is optional and may specify the IP address or domain name of a local IP interface, or an
interface name (i.e., isdn or ethernet) to match only packets coming through this interface.
Example commands for firewall
This command will deny all packets from the host 129.97.34.1 to the telnet port of the host
192.168.34.1 from being forwarded by the router:
>config firewall add deny tcp from 129.97.34.1 to 192.168.34.1 23
The next example denies any TCP traffic from the entire 129.98.3.0 network (a class C) to the
192.168.34.1 machine (any port).
>config firewall add deny tcp from 129.98.3.0/24 to 192.168.34.1
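To make the matching behaviour of the address specification concrete, the following Python sketch is an added example (not the router's firmware and not code from this manual) that parses rules in the from/to/via form and tests constructed packets against them. It assumes the port is a separate token after the address and that an omitted port or via matches anything; parse_rule and matches are hypothetical names.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action proto src sport dst dport via")

def _endpoint(tokens, proto):
    """Consume '<address/mask> [port]' from the front of the token list."""
    net = ipaddress.ip_network(tokens.pop(0), strict=False)  # bare host -> /32
    port = None
    if tokens and tokens[0].isdigit():
        if proto not in ("tcp", "udp"):  # only UDP and TCP carry ports
            raise ValueError("port given for a protocol without ports")
        port = int(tokens.pop(0))
    return net, port

def parse_rule(text):
    """Parse '<action> <proto> from <ep> to <ep> [via <interface>]'."""
    tokens = text.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if tokens.pop(0) != "from":
        raise ValueError("expected 'from'")
    src, sport = _endpoint(tokens, proto)
    if tokens.pop(0) != "to":
        raise ValueError("expected 'to'")
    dst, dport = _endpoint(tokens, proto)
    via = tokens[1] if len(tokens) == 2 and tokens[0] == "via" else None
    if tokens and via is None:
        raise ValueError("unexpected trailing tokens")
    return Rule(action, proto, src, sport, dst, dport, via)

def matches(rule, proto, src, sport, dst, dport, iface):
    """True when every field the rule specifies agrees with the packet."""
    return (rule.proto == proto
            and ipaddress.ip_address(src) in rule.src
            and ipaddress.ip_address(dst) in rule.dst
            and rule.sport in (None, sport)   # omitted port matches any port
            and rule.dport in (None, dport)
            and rule.via in (None, iface))    # omitted via matches any interface

# Constructed rules that follow the prose of the two examples above.
TELNET = parse_rule("deny tcp from 129.97.34.1 to 192.168.34.1 23")
CLASS_C = parse_rule("deny tcp from 129.98.3.0/24 to 192.168.34.1")
```

Dropping the trailing port from the first rule widens it from telnet only to every TCP port on the destination host, so check the port token when reviewing a deny rule.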
A firewall is an Internet traffic filtering process used to keep certain types of traffic from
entering or leaving a specific site. This control mechanism is used mainly for security purposes,
where an organization can selectively reject traffic on the Internet.
There are currently two distinct types of firewalls in common use on the Internet today. The first
type is more properly called a packet filtering router, where the kernel on a multi-homed machine
chooses whether to forward or block packets based on a set of rules. The second type, known as
proxy servers, relies on daemons to provide authentication and to forward packets, possibly on a
multi-homed machine which has kernel packet forwarding disabled.
The router uses the first type, packet filtering, to implement the firewall. A fairly
sophisticated level of packet filtering has been implemented on the router; therefore, it is
expected that a novice user may take some time to get familiar with all of the firewall commands
and features.
The firewall can filter the following types of traffic: