Netopia PN Series Network Router User Manual

Security 7-27
Input filter 3: This filter explicitly passes all WAN-originated ICMP
traffic to permit devices on the WAN to ping devices on the LAN. Ping
is an Internet service that is useful for diagnostic purposes.
Input filters 4 and 5: These filters pass all TCP and UDP traffic,
respectively, when the destination port is greater than 1023. This type
of traffic generally does not allow a remote host to connect to the LAN
using one of the potentially intrusive Internet services, such as Telnet,
FTP, and WWW.
Output filter 1: This filter passes all outgoing traffic to make sure that
no outgoing connections from the LAN are blocked.
Basic Firewall is suitable for a LAN containing only client hosts that
wish to access servers on the WAN, not for a LAN containing servers
providing services to clients on the WAN. Basic Firewall’s general
strategy is to explicitly pass WAN-originated TCP and UDP traffic only
when it is addressed to ports greater than 1023. Ports lower than 1024
are the well-known service ports on which servers for Internet services
such as FTP, Telnet, and the World Wide Web (WWW) listen.
A more complicated filter set would be required to provide WAN
access to a LAN-based server. See “Possible modifications,” below,
for ways to allow remote hosts to use services provided by servers on
the LAN.
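The following Python script is an added illustration, not code from the manual or from Netopia. It simulates input filters 3, 4 and 5 and output filter 1 exactly as described above, under two assumptions stated in the comments: filters in a set are tried in order and the first match decides, and a packet that matches no filter in the set is discarded. Input filters 1 and 2 are not on this page and are deliberately not modeled. The sample packets are constructed; "wan" and "lan" are labels for the packet's origin, not real addresses. Running the samples shows the behaviour the text describes (WAN pings pass, WAN connections to Telnet, FTP and WWW are dropped) and also the caveat implied by "generally": a WAN connection to a LAN service listening on a port above 1023 is passed by filters 4 and 5.

```python
"""Simulation of the Basic Firewall filters described in the manual.

Assumptions (not stated on this page): filters are evaluated in order,
the first matching filter decides, and a packet that matches no filter
in the set is discarded (default deny).
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

TCP, UDP, ICMP = "tcp", "udp", "icmp"


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    origin: str                     # "wan" or "lan" (constructed labels)
    dst_port: Optional[int] = None  # None for ICMP, which has no ports


@dataclass(frozen=True)
class Filter:
    name: str
    match: Callable[[Packet], bool]
    forward: bool                   # True = pass the packet, False = discard it


def _tcp_high(p: Packet) -> bool:
    return p.proto == TCP and p.dst_port is not None and p.dst_port > 1023


def _udp_high(p: Packet) -> bool:
    return p.proto == UDP and p.dst_port is not None and p.dst_port > 1023


# Input (WAN -> LAN) filters as the manual describes them. Filters 1 and 2
# are on the previous page and are intentionally left out of this model.
INPUT_FILTERS: List[Filter] = [
    Filter("input 3: pass all ICMP", lambda p: p.proto == ICMP, True),
    Filter("input 4: pass TCP to ports > 1023", _tcp_high, True),
    Filter("input 5: pass UDP to ports > 1023", _udp_high, True),
]

# Output (LAN -> WAN) filter: everything leaving the LAN is passed.
OUTPUT_FILTERS: List[Filter] = [
    Filter("output 1: pass all outgoing traffic", lambda p: True, True),
]


def apply_filters(filters: List[Filter], pkt: Packet) -> Tuple[bool, str]:
    """Return (forwarded?, name of the deciding filter or the default rule)."""
    for f in filters:
        if f.match(pkt):
            return f.forward, f.name
    return False, "no filter matched: discarded (assumed default deny)"


def wan_to_lan(pkt: Packet) -> Tuple[bool, str]:
    return apply_filters(INPUT_FILTERS, pkt)


def lan_to_wan(pkt: Packet) -> Tuple[bool, str]:
    return apply_filters(OUTPUT_FILTERS, pkt)


# Constructed sample traffic: (description, packet, direction handler).
SAMPLES = [
    ("WAN host pings a LAN host",            Packet(ICMP, "wan"),        wan_to_lan),
    ("WAN host connects to LAN Telnet (23)", Packet(TCP, "wan", 23),     wan_to_lan),
    ("WAN host connects to LAN FTP (21)",    Packet(TCP, "wan", 21),     wan_to_lan),
    ("WAN host connects to LAN WWW (80)",    Packet(TCP, "wan", 80),     wan_to_lan),
    ("WAN host sends UDP to LAN DNS (53)",   Packet(UDP, "wan", 53),     wan_to_lan),
    ("WAN host connects to LAN port 8080",   Packet(TCP, "wan", 8080),   wan_to_lan),
    ("WAN host sends UDP to LAN port 1024",  Packet(UDP, "wan", 1024),   wan_to_lan),
    ("LAN host opens SSH (22) to the WAN",   Packet(TCP, "lan", 22),     lan_to_wan),
]


def run_samples() -> List[Tuple[str, bool]]:
    """Evaluate every sample packet; returns (description, forwarded?) pairs."""
    results = []
    for desc, pkt, handler in SAMPLES:
        forwarded, why = handler(pkt)
        results.append((desc, forwarded))
        print(f"{'PASS' if forwarded else 'DROP':4}  {desc:40}  <- {why}")
    return results


if __name__ == "__main__":
    run_samples()
```

The port-8080 and port-1024 rows are the ones to watch: Basic Firewall blocks only the well-known low ports, so any LAN host that happens to run a service on a high port is reachable from the WAN under this filter set. That is why the manual restricts Basic Firewall to LANs of client hosts only.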
Possible modifications
You can modify the sample filter set Basic Firewall to allow incoming
traffic using the examples below. These modifications are not
intended to be combined. Each modification is to be the only one used
with Basic Firewall.
The results of combining filter set modifications can be difficult to
predict. It is recommended that you take special care if making more
than one modification to the sample filter set.