RuggedCom RuggedRouter RX1100 User Manual

Page 289

34. Maintaining The Router

Revision 1.14.3

RX1000/RX1100™

2. Visit the Shorewall Firewall menu, Network Zones sub-menu and add the "net" and "loc"
IPv4 zones. This document defines the zone for WAN interfaces as "net" and the zone for
local interfaces as "loc".

Zone ID    Zone type
net        IPv4
loc        IPv4
aclnt      IPv4
unusd      IPv4
fw         Firewall System

3. Visit the Network Interfaces sub-menu and assign interfaces to the zones. For example, eth1
= net, eth2 = loc. The exact assignment will depend upon your configuration.

Note the assignment of the "aclnt" zone: Industrial Defender SAP uses OpenVPN for
secure communication between client and protected device. OpenVPN creates virtual "tunnel"
interfaces for this purpose.

Zone ID    Interface    Address
net        eth1         detect
loc        eth2         detect
unusd      eth3         detect
unusd      eth4         detect
aclnt      tun+         detect

4. Visit the Default Policies sub-menu and assign the following policies:

Source zone    Destination zone    Policy
fw             any                 ACCEPT
loc            net                 ACCEPT
aclnt          any                 DROP
any            any                 DROP

5. Visit the Firewall Rules sub-menu and assign the following rules. Note that Idefender and
SAPCtl Actions must have "log to syslog level" set to "<Don't log>":

Action       Source zone    Destination zone    Protocol    Src-Port    Dst-Port
ACCEPT       aclnt          fw                  any
SAPCtl       net            fw                  UDP
Idefender    aclnt          loc                 any

See also the note on VRRP, Firewall Rules, and Access Manager, below.

6. Apply the Shorewall configuration.

a. For Webmin and/or SSH access to the router you can add a rule:

    ACCEPT    net    fw    tcp    22,10000
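The policy and rule tables from steps 4 to 6a, modelled in Python as an added example (not part of the RuggedCom manual) to check what the optional management rule exposes on the WAN side and whether the policy order leaves any entry unreachable. It assumes Shorewall's documented evaluation order (rules first, then the first matching default policy); the function names are hypothetical, and SAPCtl and Idefender are treated as opaque because the page does not describe what they do.

```python
# Added example: a simplified model of how Shorewall picks a verdict for a new
# connection (rules first, then default policies, first match wins in each).
# Tables are transcribed from steps 4-6a of this page. SAPCtl and Idefender are
# custom actions whose behaviour the page does not describe, so they are opaque.
POLICIES = [  # (source zone, destination zone, policy), in listed order
    ("fw", "any", "ACCEPT"),
    ("loc", "net", "ACCEPT"),
    ("aclnt", "any", "DROP"),
    ("any", "any", "DROP"),
]
RULES = [  # (action, source zone, destination zone, protocol, dst ports)
    ("ACCEPT", "aclnt", "fw", "any", None),
    ("SAPCtl", "net", "fw", "udp", None),
    ("Idefender", "aclnt", "loc", "any", None),
]
MGMT_RULE = ("ACCEPT", "net", "fw", "tcp", {22, 10000})  # optional rule, step 6a


def _zone(pattern, zone):
    return pattern in ("any", zone)


def verdict(rules, policies, src, dst, proto, dport=None):
    """Return (verdict, origin) for a new connection from zone src to zone dst."""
    for action, r_src, r_dst, r_proto, r_ports in rules:
        if (_zone(r_src, src) and _zone(r_dst, dst)
                and r_proto in ("any", proto)
                and (r_ports is None or dport in r_ports)):
            return action, "rule"
    for p_src, p_dst, policy in policies:
        if _zone(p_src, src) and _zone(p_dst, dst):
            return policy, "policy"
    raise ValueError("no catch-all policy: add an any/any entry")


def shadowed_policies(policies):
    """Policies that can never apply because an earlier entry covers them."""
    hidden = []
    for i, (src, dst, _) in enumerate(policies):
        if any(_zone(e_src, src) and _zone(e_dst, dst)
               for e_src, e_dst, _ in policies[:i]):
            hidden.append(policies[i])
    return hidden


def wan_to_router(rules, wan="net"):
    """Rules that let the WAN zone reach the router itself; review each one."""
    return [r for r in rules if r[1] in ("any", wan) and r[2] in ("any", "fw")
            and r[0] != "DROP"]
```

Without the step 6a rule, SSH and Webmin connections from the "net" zone fall through to the any/any DROP policy; with it, wan_to_router() lists two WAN-facing entries to review instead of one.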
