Westermo RedFox Series User Manual

Page 706


Westermo OS Management Guide

Version 4.17.0-0

Details about configuration options can be found in section 31.2 (Web) and section 31.3 (CLI).

31.1.6.1 Enabling logging for firewall rules

Logging is enabled for individual rules in the firewall.

Logging is possible for packet filtering rules (both allow and deny), for NAT rules
(both NAPT and 1-to-1 types) and for port forwarding rules.

Logging is currently not possible for the packet modify operation; however, traffic
that is modified by packet modify rules also passes through the forward filtering
chain (see fig. 31.1). It is possible to simulate logging for packet modify by
adding a filter allow rule in the forward chain with the same matching condition
as the modify rule, and enabling logging for that filtering rule.

An entry is added to the log file when an IP packet hits a specific rule with logging
enabled. Note that only the first packet in a connection will be logged.
Subsequent packets or return traffic packets belonging to the same session will
not be logged (that would quickly overflow the logs).

Logging enabled for packet filter “deny” rules behaves differently, though: EVERY
packet hitting such a rule will be logged.

31.1.6.2 Settings for rate limitation

The firewall logging system has a rate limitation function that prevents an
excessive number of log entries from being created when problems occur. This reduces
problems due to malicious traffic from outside or inside the network, so-called
“denial of service” attacks (DoS attacks), port scans or similar. It also avoids
problems from excessive logging caused by bad configuration or malfunctioning
units in the network causing traffic storms.

The limitation is configured as a maximum rate of log entries per time unit. The
time units available are: second, minute, hour or day.

The configuration “10 per second” means just that: at most 10 log entries will be
written to the log file each second.

The rate is continuous. This means that the allowance of log entries is
evenly distributed over the time unit. An example: “60 per hour” will allow 60
entries per hour, but distributed evenly as at most one log entry per minute.
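The two logging behaviours described in this section (first-packet-only logging for allow, NAT and port forwarding rules, every-packet logging for deny rules, and the continuous rate limit that spreads "60 per hour" into one entry per minute) can be modelled in a few lines. The following simulator is an added example written for this guide, not Westermo's implementation; it is a simplified model (one entry every unit/rate seconds, no burst allowance), and the packet stream and addresses are constructed.

```python
# Simplified model of the firewall logging rules described above (constructed example).
UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def min_gap_seconds(rate, unit):
    """Continuous rate: 'rate per unit' spreads evenly, so one entry every unit/rate seconds."""
    return UNIT_SECONDS[unit] / rate


class FirewallLogSimulator:
    def __init__(self, rate, unit):
        self.min_gap = min_gap_seconds(rate, unit)
        self.next_allowed = 0.0          # earliest time the next entry may be written
        self.seen_connections = set()    # sessions whose first packet has already hit a rule

    def packet(self, t, action, conn):
        """Return True if the packet at time t (seconds) produces a log entry."""
        if action != "deny":
            # allow/NAT/port-forward rules: only the first packet of a session is a candidate
            if conn in self.seen_connections:
                return False
            self.seen_connections.add(conn)
        # deny rules: every packet is a candidate, so the rate limit is what bounds them
        if t < self.next_allowed:
            return False                 # suppressed by the rate limit
        self.next_allowed = t + self.min_gap
        return True


def simulate(events, rate, unit):
    """Run a list of (t, action, conn) packets through the limiter; return the logged ones."""
    sim = FirewallLogSimulator(rate, unit)
    return [ev for ev in events if sim.packet(*ev)]


# Constructed packet stream: a repeated deny hit plus two allowed sessions, under "60 per hour".
SAMPLE_EVENTS = [
    (0,   "deny",  ("10.0.0.5", "192.168.1.10", 22)),
    (10,  "deny",  ("10.0.0.5", "192.168.1.10", 22)),
    (60,  "deny",  ("10.0.0.5", "192.168.1.10", 22)),
    (65,  "allow", ("192.168.1.20", "203.0.113.7", 443)),
    (120, "allow", ("192.168.1.20", "203.0.113.7", 443)),
    (120, "allow", ("192.168.1.21", "203.0.113.8", 443)),
    (180, "allow", ("192.168.1.21", "203.0.113.8", 443)),
]

if __name__ == "__main__":
    for ev in simulate(SAMPLE_EVENTS, 60, "hour"):
        print("logged:", ev)
```

Note the session from 192.168.1.20: its first packet arrives while the limiter is still closed, and since only the first packet of a session is ever a candidate, that session never appears in the log at all. When sizing the rate limit, remember that a deny rule under sustained scanning consumes the whole allowance and can hide allowed sessions in this way.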

© 2015 Westermo Teleindustri AB