Black Box LRS002A-R2 Network Router User Manual


 
ASYNC ROUTER AR-P, AR-5, AND SYNC ROUTER USER’S MANUAL
At the end of initial configuration, if the default route for an interface points to a serial point-to-point
interface (synchronous or modem), you will be offered a standard firewall configuration. For the
question “Install standard Internet access firewall on iface?” answer Y to install the suite of predefined IP
filters.
When executing config modify, answer Y to the same question to install the IP filters. If filters with
reserved names are already present and you request the standard firewall, all filters with names that
begin with “$” are deleted before the standard firewall is generated.
List of predefined IP filters
The predefined IP filter statements are:
1 filter add $OUTOK -f outbound -t allow
2 filter add $TCPOK -p tcpestab -t allow
3 filter add $FAKE25 -i iface -p tcpnew -s 25 -t deny
4 filter add $NOLOOP -s 127.0.0.0/8 -t deny
5 filter add $NORCMD -p tcp -d 512-515 -t deny
5a filter add $NOTN -p tcp -d 23 -t deny
6 filter add $SRVOK -p tcp -d server/32 -t allow
7 filter add $MAIL1 -i iface -p tcp -d 25 -t allow
8 filter add $MAIL2 -i iface -p tcp -s 25 -t allow
9 filter add $FTP1 -i iface -f inbound -p tcp -s 20 -t allow
10 filter add $DNS1 -i iface -p tcp -s 53 -t allow
11 filter add $DNS2 -i iface -p tcp -d 53 -t allow
12 filter add $DNS3 -i iface -p udp -s 53 -t allow
13 filter add $DNS4 -i iface -p udp -d 53 -t allow
14 filter add $RIP1 -i iface -p udp -s 520 -t allow
15 filter add $RIP2 -i iface -p udp -d 520 -t allow
Your customized filters are inserted here.
16 filter add $NOUDP -i iface -p udp -t deny
17 filter add $NOSRV -i iface -p tcpnew -f inbound -t deny
18 filter enable
Filter statements 1–15 are placed before any user-defined filter statements. Items 16–17 are placed
after any user-defined filter statements.
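
The reinstall behaviour described above, as an added example (not code from the manual or the router's firmware): it models which existing filters are deleted and where the remaining ones land when the standard firewall is requested. It assumes filters whose names do not begin with "$" are kept in their existing order; WEBIN and $MYVPN are hypothetical names in a constructed configuration.

```python
"""Model of the filter list after the standard firewall is (re)installed."""

# Predefined statements as listed in the manual; "iface" and "server" are the
# manual's own placeholders and are left unsubstituted.
HEAD = """\
filter add $OUTOK -f outbound -t allow
filter add $TCPOK -p tcpestab -t allow
filter add $FAKE25 -i iface -p tcpnew -s 25 -t deny
filter add $NOLOOP -s 127.0.0.0/8 -t deny
filter add $NORCMD -p tcp -d 512-515 -t deny
filter add $NOTN -p tcp -d 23 -t deny
filter add $SRVOK -p tcp -d server/32 -t allow
filter add $MAIL1 -i iface -p tcp -d 25 -t allow
filter add $MAIL2 -i iface -p tcp -s 25 -t allow
filter add $FTP1 -i iface -f inbound -p tcp -s 20 -t allow
filter add $DNS1 -i iface -p tcp -s 53 -t allow
filter add $DNS2 -i iface -p tcp -d 53 -t allow
filter add $DNS3 -i iface -p udp -s 53 -t allow
filter add $DNS4 -i iface -p udp -d 53 -t allow
filter add $RIP1 -i iface -p udp -s 520 -t allow
filter add $RIP2 -i iface -p udp -d 520 -t allow""".splitlines()
TAIL = ["filter add $NOUDP -i iface -p udp -t deny",
        "filter add $NOSRV -i iface -p tcpnew -f inbound -t deny"]

def filter_name(stmt):
    """Return the name from a 'filter add NAME ...' statement, else None."""
    parts = stmt.split()
    return parts[2] if parts[:2] == ["filter", "add"] and len(parts) > 2 else None

def install_standard_firewall(existing):
    """Return (resulting statements, deleted statements) for a reinstall."""
    # Every existing filter with a reserved ("$") name is deleted first.
    deleted = [s for s in existing if (filter_name(s) or "").startswith("$")]
    # Assumption: other user-defined filters survive in their existing order.
    kept = [s for s in existing if filter_name(s) and s not in deleted]
    return HEAD + kept + TAIL + ["filter enable"], deleted

# Constructed sample configuration: WEBIN and $MYVPN are hypothetical names.
SAMPLE = [
    "filter add $OUTOK -f outbound -t allow",
    "filter add WEBIN -i iface -p tcp -d 80 -t allow",
    "filter add $MYVPN -i iface -p udp -d 500 -t allow",
    "filter enable",
]

if __name__ == "__main__":
    result, deleted = install_standard_firewall(SAMPLE)
    print("Deleted on reinstall:", *deleted, sep="\n  ")
    print("Resulting order:", *result, sep="\n  ")
```

The custom filter named $MYVPN is lost on reinstall because of its "$" prefix, while WEBIN is kept and sits between $RIP2 and $NOUDP.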