Product specifications

Efficient Networks® Router family Technical Reference Guide
Chapter 5: System Security
-> remote ipfilter append input accept -p tcp -dp 23 -da 10.0.1.1 internet
-> remote ipfilter append input drop -p tcp -dp 23 internet
The filter order is important; packets are compared to filters in the order that the filters
appear in the filter list. Any Telnet packet that doesn't match the first filter is dropped
by the second filter. Thus, command order is important because each of these
commands appends its filter to the end of the list.
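A small Python model of the first-match behaviour described above, added here as an illustration; it is not taken from the guide or from the router firmware. It parses only the options used on this page (-p, -dp, -da), assumes values are compared for exact equality, and the function names (parse_filter, first_match, shadowed) and the second destination address are hypothetical.

```python
import shlex

# Options used on this page; values are compared for exact equality (an assumption).
FIELDS = {"-p": "proto", "-dp": "dport", "-da": "daddr"}

def parse_filter(command):
    """Parse '[->] remote ipfilter append <list> <action> [options] <remote>'."""
    tokens = shlex.split(command.replace("->", "", 1))
    if len(tokens) < 6 or tokens[:3] != ["remote", "ipfilter", "append"]:
        raise ValueError("not an ipfilter append command: " + command)
    options = tokens[5:-1]
    if len(options) % 2:
        raise ValueError("option without a value: " + command)
    match = {}
    for flag, value in zip(options[0::2], options[1::2]):
        if flag not in FIELDS:
            raise ValueError("option not modelled in this example: " + flag)
        match[FIELDS[flag]] = value
    return {"list": tokens[3], "action": tokens[4], "remote": tokens[-1], "match": match}

def first_match(rules, packet):
    """Compare the packet to each filter in list order; the first full match decides."""
    for index, rule in enumerate(rules):
        if all(str(packet.get(k)) == v for k, v in rule["match"].items()):
            return rule["action"], index
    return None, None  # nothing matched; the router's default action is not modelled

def shadowed(rules):
    """Indexes of filters that can never fire because an earlier, broader one matches first."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            same = (earlier["list"], earlier["remote"]) == (later["list"], later["remote"])
            if same and earlier["match"].items() <= later["match"].items():
                hidden.append(i)
                break
    return hidden

# The two Telnet filters from the text, then the same pair appended in the opposite order.
ALLOW = "-> remote ipfilter append input accept -p tcp -dp 23 -da 10.0.1.1 internet"
DROP = "-> remote ipfilter append input drop -p tcp -dp 23 internet"
as_documented = [parse_filter(ALLOW), parse_filter(DROP)]
reversed_order = [parse_filter(DROP), parse_filter(ALLOW)]
# Constructed packets: Telnet to 10.0.1.1 and Telnet to another (made-up) address.
to_allowed = {"proto": "tcp", "dport": 23, "daddr": "10.0.1.1"}
to_other = {"proto": "tcp", "dport": 23, "daddr": "10.0.1.2"}

for name, rules in (("as documented", as_documented), ("reversed", reversed_order)):
    print(name, first_match(rules, to_allowed), first_match(rules, to_other), shadowed(rules))
```

With the filters appended in the opposite order, the accept filter is reported as shadowed: the broader drop filter matches every Telnet packet first, so Telnet to 10.0.1.1 is dropped as well.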
Built-in Firewall Filters
Although IP filtering offers great flexibility and control, creating the required series of
commands may appear complex to a casual user. Therefore, four sets of firewall
filters are resident in the flash memory of factory-built routers.
The four sets of filters offer four levels of security: maximum, medium, minimum, and
none. You can select and install any of these filter sets from the Set Firewall page of
the Web graphic interface.
The four filter sets are also provided as script files in the samples directory on the
Documentation CD. The file names are maxsec.txt (maximum security), medsec.txt
(medium security), minsec.txt (minimum security) and nosec.txt (no filters). To
execute one of these files from the CLI, first copy the file to the router and then use
the execute command. For example, to execute the medsec.txt file for medium
security, enter:
execute medsec.txt
Before executing any script file, you should check its content. Three of the filter sets
are listed at the end of this IP Filtering section ("Example 3: Maximum Security
Firewall" on page 5-27, "Example 4: Medium Security Firewall" on page 5-29, and
"Example 5: Minimum Security Firewall" on page 5-30). Be sure to edit the file to fit
your specific configuration and seek expert help if you are not familiar with security.
Example 3: Maximum Security Firewall
The following lists the filters installed when you request maximum security via the
graphic interface.
# For DSL routers
# Allow protocols: HTTP, FTP, DNS, L2TP
# Flush all existing filters
remote ipfilter flush input internet
remote ipfilter flush output internet
remote ipfilter flush transmit internet
remote ipfilter flush receive internet