
Note
As a result, the PC in your LAN with the IP address 192.168.1.42 has no protection whatsoever from the firewall in
your telephone system at Port 22/TCP! You can restrict access where required if access is always to be effected
from an Internet connection with a fixed IP address (for example T-Interconnect). Here, any entries which contain
“0.0.0.0/0” should be matched to the known IP addresses of the remote location (0.0.0.0/0 is a global placeholder
address that stands for all IP addresses).
Note
If you wish to employ a combination of filters consisting of filters that have been generated using the Filter Wizard
and your own custom filters, or port map entries, be sure to check the order of the rules in the table (you can change
the order using the buttons »up« and »down«). The “Secure system” filter, which blocks all packets directed toward
so-called privileged ports, is offered in the Filter Wizard. In the example given here this filter would counteract the
configured functionality, as the ssh port (22) is a privileged port. We urgently recommend blocking all privileged
ports that are not needed; it may therefore be expedient to use the filter configured by the Filter Wizard in an
appropriately adapted form, or to place it at the appropriate position in the table.
Note
If you are not sure which ports must be routed to the LAN PC for certain applications, or for attaining defined user
privileges in exchange networks using port mapping by your telephone system router, enter the name of the application
and the terms »port« and »firewall« in an Internet search engine; configuration instructions can usually be
found quite easily in this manner. You can reroute a single port or a port range (for example 4661-4665) using a
port map rule.
Filter Wizard
The firewall is configured such that all data packets for which no explicit rule (filter) exists that allows them
to pass are rejected. This procedure makes the configuration of the firewall somewhat more complicated, but
significantly reduces the probability of overlooking packets that should have been blocked from passing through
the firewall.
Some filters contain rules for rejecting packets which would actually not be required for the selected basic
configuration of the firewall, because the firewall would reject any packets not enabled by the filters, based on the
configuration carried out by the Wizard. The rejection rules mentioned above are nevertheless retained to reject
packets used in certain attacks at the earliest possible stage to prevent the packets from passing through the entire
chain of filter rules; this enhances firewall performance in the event of a real attack.
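The effect of rule order and of the reject-by-default behaviour described above can be checked with a small model. This is an added example, not part of the original manual or of the telephone system's software. It assumes that the rule table is evaluated top to bottom and the first matching rule decides, that the “Secure system” filter covers ports 0-1023, and it uses a constructed rule format and the constructed remote address 203.0.113.10.

```python
import ipaddress

# Constructed rule tables. Each rule: (name, action, source CIDR, (low port, high port)).
SECURE_SYSTEM = ("Secure system", "reject", "0.0.0.0/0", (0, 1023))  # privileged ports (assumed range)
SSH_ANY = ("ssh port map", "allow", "0.0.0.0/0", (22, 22))           # open to all sources
SSH_FIXED = ("ssh port map", "allow", "203.0.113.10/32", (22, 22))   # constructed fixed remote address


def evaluate(rules, src_ip, dst_port):
    """Return (action, rule name) for a TCP packet; first matching rule wins (assumption)."""
    src = ipaddress.ip_address(src_ip)
    for name, action, cidr, (low, high) in rules:
        if src in ipaddress.ip_network(cidr) and low <= dst_port <= high:
            return action, name
    # No explicit rule matched: the packet is rejected, as the manual states.
    return "reject", "default (no explicit rule)"


def audit(rules):
    """Report allow rules hidden behind an earlier reject rule or open to 0.0.0.0/0."""
    findings = []
    for i, (name, action, cidr, (low, high)) in enumerate(rules):
        if action != "allow":
            continue
        net = ipaddress.ip_network(cidr)
        for pname, paction, pcidr, (plow, phigh) in rules[:i]:
            covers = net.subnet_of(ipaddress.ip_network(pcidr)) and plow <= low and high <= phigh
            if paction == "reject" and covers:
                findings.append(f"{name}: shadowed by earlier rule '{pname}'")
        if net.prefixlen == 0:
            findings.append(f"{name}: open to every source address")
    return findings


if __name__ == "__main__":
    for table in ([SECURE_SYSTEM, SSH_ANY], [SSH_ANY, SECURE_SYSTEM], [SSH_FIXED, SECURE_SYSTEM]):
        print([r[0] for r in table], evaluate(table, "198.51.100.7", 22), audit(table))
```

With the “Secure system” filter above the port map rule, port 22 never reaches the LAN PC; with the restricted rule above it, only the known remote address gets through.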
Example for predefined filters in the filter wizard
Help for the various filters contained in the Filter Wizard can be found in the file “Filter_Info.txt” in the Win-Tools
installation directory (e.g. “C:filesWIN-ToolsTools V6.02”), or by clicking the corresponding “Help” button.