Black Box LRA005A-R2 User Manual

Page 78


ASYNC ROUTER AR-P, AR-5, AND SYNC ROUTER USER’S MANUAL


Individual entries in the filter list accomplish the following:

1

filter add $OUTOK -f outbound -t allow
No outgoing packets need to be filtered. (Saves processing time.)

2

filter add $TCPOK -p tcpestab -t allow
Packets on established TCP connections do not need to be filtered. (So any mention of TCP
beyond this point in the list pertains only to NEW connections.)

3

filter add $FAKE25 -i iface -p tcpnew -s 25 -t deny
Prevents people from sneaking in with a remote client that is pretending to be a remote mail
server.

4

filter add $NOLOOP -s 127.0.0.0/8 -t deny
Blocks packets resulting from a misconfigured DNS resolver.

5

filter add $NORCMD -p tcp -d 512-515 -t deny
Do not allow R-series commands across the link.

5a

filter add $NOTN -p tcp -d 23 -t deny
If telnet is not allowed, block it.

6

filter add $SRVOK -p tcp -d server/32 -t allow
Allow connections to the local server host.

7

filter add $MAIL1 -i iface -p tcp -d 25 -t allow

8

filter add $MAIL2 -i iface -p tcp -s 25 -t allow
Allow all of your users to send and receive email.

9

filter add $FTP1 -i iface -f inbound -p tcp -s 20 -t allow
Allow inbound connections to the local FTP client data port.

10

filter add $DNS1 -i iface -p tcp -s 53 -t allow

11

filter add $DNS2 -i iface -p tcp -d 53 -t allow

12

filter add $DNS3 -i iface -p udp -s 53 -t allow

13

filter add $DNS4 -i iface -p udp -d 53 -t allow
Allow local machines full use of DNS.

14

filter add $RIP1 -i iface -p udp -s 520 -t allow

15

filter add $RIP2 -i iface -p udp -d 520 -t allow
Allow RIP packets across the link.

Your customized filters are inserted here.

16

filter add $NOUDP -i iface -p udp -t deny

17

filter add $NOSRV -i iface -p tcpnew -f inbound -t deny
Deny all services not mentioned above, for UDP and TCP.

18

filter enable
Enable all filter statements.
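
The list above depends on its order: $FAKE25 has to come before $MAIL2, and $NOLOOP before the DNS allows. The Python model below is an added example, not code from the manual or the router. It assumes the first matching rule decides a packet, models -s/-d as separate port and address fields, and uses hypothetical helper names (`matches`, `decide`, `move_after`).

```python
import ipaddress

# Assumed model: the first matching rule decides (implied by the manual's ordering notes).
# Subset of the listed rules; -i iface is omitted because every sample packet crosses that link.
RULES = [
    ("OUTOK",  {"dir": "outbound"}, "allow"),
    ("TCPOK",  {"proto": "tcpestab"}, "allow"),
    ("FAKE25", {"proto": "tcpnew", "sport": (25, 25)}, "deny"),
    ("NOLOOP", {"src": "127.0.0.0/8"}, "deny"),
    ("NORCMD", {"proto": "tcp", "dport": (512, 515)}, "deny"),
    ("MAIL1",  {"proto": "tcp", "dport": (25, 25)}, "allow"),
    ("MAIL2",  {"proto": "tcp", "sport": (25, 25)}, "allow"),
    ("DNS3",   {"proto": "udp", "sport": (53, 53)}, "allow"),
    ("NOUDP",  {"proto": "udp"}, "deny"),
    ("NOSRV",  {"proto": "tcpnew", "dir": "inbound"}, "deny"),
]

def matches(cond, pkt):
    state = "tcpnew" if pkt.get("new") else "tcpestab"
    for key, want in cond.items():
        if key == "proto":  # plain "tcp" matches both connection states
            ok = pkt["proto"] == want[:3] and want in (pkt["proto"], state)
        elif key == "src":
            ok = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(want)
        elif key in ("sport", "dport"):
            ok = want[0] <= pkt[key] <= want[1]
        else:  # "dir"
            ok = pkt[key] == want
        if not ok:
            return False
    return True

def decide(rules, pkt):
    """Return (rule name, action) of the first matching rule, or (None, None)."""
    for name, cond, action in rules:
        if matches(cond, pkt):
            return name, action
    return None, None

def move_after(rules, name, anchor):
    """Return a copy of rules with rule `name` relocated to just after `anchor`."""
    rule = next(r for r in rules if r[0] == name)
    rest = [r for r in rules if r[0] != name]
    idx = [r[0] for r in rest].index(anchor) + 1
    return rest[:idx] + [rule] + rest[idx:]

# Constructed sample packets (documentation address range, arbitrary ports).
SPOOFED = {"dir": "inbound", "proto": "tcp", "new": True, "sport": 25, "dport": 8080, "src": "203.0.113.9"}
LOOPBACK = {"dir": "inbound", "proto": "udp", "sport": 53, "dport": 33000, "src": "127.0.0.1"}
for pkt in (SPOOFED, LOOPBACK):
    print(decide(RULES, pkt), decide(move_after(RULES, "FAKE25", "MAIL2"), pkt))
```

With the manual's order, the new inbound connection from source port 25 stops at FAKE25. With FAKE25 moved below MAIL2, the same packet is allowed by MAIL2, which is why customized filters belong at the marked insertion point rather than above the early denies.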
