Firewall – Ubiquiti Networks Rockeac User Manual
Chapter 4: Network
airOS®7 User Guide
Ubiquiti Networks, Inc.
• STP  Select this option to enable the Spanning Tree Protocol (STP).
Multiple interconnected bridges create larger networks; STP eliminates
loops from the topology while finding the shortest path within a network.
If enabled, the device bridge communicates with other network devices by
sending and receiving Bridge Protocol Data Units (BPDUs). STP should be
left disabled (the default setting) when the device is the only bridge on
the LAN or when there are no loops in the topology, as there is no need
for the bridge to use STP in that case.
• Ports  Select the appropriate ports for your bridge network. (Virtual
ports are available if you have created VLANs.)
  - Add  Select an Available Port and click Add.
  - Remove  Select a Selected Port and click Remove.
• Comment  You can enter a brief description of the purpose of the bridge
network.
Click OK to save changes, or click Cancel to close the window without
saving changes.
Firewall
(Available in Advanced view.) You can configure firewall rules for the
network interfaces. All active firewall entries are stored in the FIREWALL
chain of the ebtables filter table in Bridge mode, or of the iptables filter
table in Router mode. (ebtables is a transparent link-layer filtering tool
for bridge interfaces; it filters the frames that pass through a bridge,
whereas iptables filters routed IP packets.) Packets are processed by
traversing the firewall rules sequentially in Position order. Both targets,
ACCEPT and DROP, are terminating, so the first matching enabled rule decides
what happens to a packet and later rules are not consulted; a packet that
matches no rule falls through to the chain's default handling.
Click the Firewall section to display its contents.
Enabled  Select this option to enable firewall functionality.
Enabled  Displays the status of the firewall rule, Enabled (Yes) or
Disabled (No).
Position  Displays the order of the firewall rules.
Target  Displays the firewall action for matching packets, Accept or Drop.
Interface  Displays the interfaces specified by the firewall rule.
IP Type  Displays the protocol being filtered: IP (any IP packet), ICMP,
TCP, or UDP. (ICMP is a Layer 3 protocol; TCP and UDP are Layer 4 transport
protocols carried inside IP packets.)
Source IP/Mask  Displays the source IP/mask that the rule matches against
packets.
Source Port  Displays the source port that the rule matches against packets.
Destination IP/Mask  Displays the destination IP/mask that the rule matches
against packets.
Destination Port  Displays the destination port that the rule matches
against packets.
Comment  Displays a brief description of the purpose of the firewall rule.
Add  Click Add to create a firewall rule. Go to the Add or Edit a Firewall
Rule section below.
Action  After a firewall rule has been created, you have the following
options:
• Edit  Make changes to a firewall rule. Go to the Add or Edit a Firewall
Rule section below.
• Up and Down  Change the order of the firewall rule entries. Order is
important in the firewall rules list: packets traverse the rules
sequentially, and the first rule that matches decides the packet's fate,
so a broad ACCEPT placed above a narrower DROP makes the DROP unreachable.
• Delete  Remove a firewall rule.
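To make the evaluation order concrete, here is an added example (not Ubiquiti's code and not what airOS runs internally) that models the rule list as described in this section and in the Add or Edit a Firewall Rule section: sequential first-match evaluation, the Enabled flag, the ANY interface, the IP Type selector, CIDR Source/Destination IP/Mask matching and the Invert option. The `Rule`, `Packet`, `evaluate` and `demo` names, the sample rules and packets, the assumption that IP Type "IP" matches any IP packet, and the `DEFAULT_TARGET` used when no rule matches are all assumptions of this example, not statements from the manual.

```python
# Added example, not Ubiquiti's code: a model of how the airOS firewall rule
# list is evaluated, so the effect of rule order (Up/Down), the Enabled flag,
# the ANY interface, the IP Type selector and the Invert option on
# Source IP/Mask can be checked offline. Field names mirror the GUI columns.
# Assumptions: IP Type "IP" matches any IP packet, and a packet matching no
# enabled rule gets DEFAULT_TARGET (the manual does not state the chain policy).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

DEFAULT_TARGET = "ACCEPT"  # assumption for illustration only


@dataclass
class Rule:
    target: str                     # "ACCEPT" or "DROP"
    interface: str = "ANY"          # "ANY" or a specific interface name
    ip_type: str = "IP"             # "IP" (any), "ICMP", "TCP" or "UDP"
    src: Optional[str] = None       # Source IP/Mask in CIDR form, None = any
    invert_src: bool = False        # the Invert checkbox on Source IP/Mask
    src_port: Optional[int] = None
    dst: Optional[str] = None       # Destination IP/Mask in CIDR form
    dst_port: Optional[int] = None
    enabled: bool = True
    comment: str = ""


@dataclass
class Packet:
    interface: str
    proto: str                      # "ICMP", "TCP", "UDP", ...
    src: str
    dst: str
    src_port: Optional[int] = None  # None for protocols without ports (ICMP)
    dst_port: Optional[int] = None


def cidr_match(cidr: Optional[str], addr: str, invert: bool = False) -> bool:
    """True if addr lies inside cidr; Invert flips that (any address except cidr)."""
    if cidr is None:
        return True
    inside = ip_address(addr) in ip_network(cidr, strict=False)
    return inside != invert


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every criterion of the rule must hold; disabled rules never match."""
    if not rule.enabled:
        return False
    if rule.interface != "ANY" and rule.interface != pkt.interface:
        return False
    if rule.ip_type != "IP" and rule.ip_type != pkt.proto:
        return False
    if not cidr_match(rule.src, pkt.src, rule.invert_src):
        return False
    if not cidr_match(rule.dst, pkt.dst):
        return False
    if rule.src_port is not None and rule.src_port != pkt.src_port:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the list in Position order. ACCEPT and DROP both terminate, so the
    first matching enabled rule decides and later rules are never consulted."""
    for position, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return rule.target, position
    return DEFAULT_TARGET, None


# Constructed sample rules and packets (not taken from any real device).
ALLOW_LAN = Rule("ACCEPT", src="192.168.1.0/24", comment="allow LAN")
BLOCK_SSH = Rule("DROP", ip_type="TCP", dst_port=22, comment="block SSH")
DROP_NON_LAN = Rule("DROP", src="192.168.1.0/24", invert_src=True,
                    comment="drop everything not from the LAN")

SSH_FROM_LAN = Packet("eth0", "TCP", "192.168.1.10", "192.168.1.1", 40000, 22)
PING_FROM_WAN = Packet("eth0", "ICMP", "10.0.0.5", "192.168.1.1")


def demo() -> dict:
    """Outcomes that show why Up/Down ordering and Invert matter."""
    return {
        # LAN rule above the SSH rule: SSH from the LAN is accepted at position 1
        "lan_first": evaluate([ALLOW_LAN, BLOCK_SSH], SSH_FROM_LAN),
        # same two rules swapped with Up/Down: the SSH rule now wins
        "ssh_first": evaluate([BLOCK_SSH, ALLOW_LAN], SSH_FROM_LAN),
        # Invert: drop any source except 192.168.1.0/24
        "wan_ping": evaluate([DROP_NON_LAN], PING_FROM_WAN),
        "lan_ssh_inverted": evaluate([DROP_NON_LAN], SSH_FROM_LAN),
        # a disabled rule is kept in the configuration but ignored
        "disabled": evaluate([Rule("DROP", enabled=False)], PING_FROM_WAN),
    }


if __name__ == "__main__":
    for name, (target, position) in demo().items():
        print(f"{name:18s} -> {target} (rule {position})")
```

The two-rule case is the one to watch for in practice: with "allow LAN" above "block SSH", SSH from the LAN never reaches the DROP rule, and only moving the SSH rule up with the Up button changes the result.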
Add or Edit a Firewall Rule
The Firewall Rule window opens:
• Enabled  Select this option to enable the specific firewall rule. All
added firewall rules are saved in the system configuration file; however,
only the enabled firewall rules are active on the device.
• Target  To allow packets to pass through the firewall unmodified, select
ACCEPT. To block packets, select DROP. (DROP discards the packet silently;
the sender receives no rejection notice.)
• Interface  Select the interface where the firewall rule is applied. To
apply the firewall rule to all interfaces, select ANY.
• IP Type  Select the protocol to be filtered: IP (any IP packet), ICMP,
TCP, or UDP. Source Port and Destination Port criteria apply only to TCP
and UDP, since ICMP has no port numbers.
• Source IP/Mask  Enter the source IP of the packet (taken from the packet
header). Usually it is the IP of the host that sends the packets. The mask
is in slash notation (also known as CIDR format). For example, 192.168.1.0/24
covers the range 192.168.1.0 to 192.168.1.255; a single host is written with
/32, for example 192.168.1.10/32.
  - Invert  Select this option to invert the Source IP/Mask filtering
criterion. For example, if you enable Invert for the specified Source IP
a.b.c.d, the rule applies to all packets sent from any source IP except
a.b.c.d.