User's Manual
EnRoute50x/51x User’s Guide
TR0153 Rev. D2
89
If ports that are open by default are reconfigured to be closed, certain EnRoute500
functions will be affected. It is strongly recommended that all of the ports listed in
Table 14 be kept open.
CLI
The firewall is enabled by selecting the 'firewall' interface and setting the 'node.enable'
parameter.
> use firewall
firewall> set node.enable=yes
Lists of allowed source and destination ports for inbound TCP and UDP traffic can be
specified. These lists can be set with the following parameters in the 'firewall' interface:
node.tcp.allow.dest
node.tcp.allow.source
node.udp.allow.dest
node.udp.allow.source
The list of allowed ports must be a space-delimited string enclosed in quotes. The example
below shows how to set one of the TCP port-list parameters (here the allowed destination
ports); the source-port parameters are set in the same way.
> use firewall
firewall> set node.tcp.allow.dest="22 23 80 5280"
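The port lists above are easy to get wrong by hand, and the guide warns that closing a port that is open by default will break EnRoute500 functions. The following Python helper, an added example that is not part of the EnRoute user's guide, parses a space-delimited port string, builds the `set <parameter>="<ports>"` commands in the CLI syntax shown above, and refuses to emit a command whose list would close a port that must stay open. Because Table 14 is not reproduced on this page, the set of required ports is passed in by the caller; the values used in the demo below are constructed placeholders, not the guide's list.

```python
"""Build and sanity-check EnRoute firewall allow-list commands (added example)."""
from __future__ import annotations

from typing import Iterable

# Parameters of the 'firewall' interface that take a space-delimited port list,
# as named in the guide.
FIREWALL_PARAMS = (
    "node.tcp.allow.dest",
    "node.tcp.allow.source",
    "node.udp.allow.dest",
    "node.udp.allow.source",
)


def parse_port_list(value: str) -> list[int]:
    """Parse '22 23 80' into a sorted list of unique ports.

    Rejects non-numeric tokens and ports outside 1-65535 so a typo never
    turns into a silently malformed allow list.
    """
    ports: set[int] = set()
    for tok in value.split():
        if not tok.isdigit():
            raise ValueError(f"not a port number: {tok!r}")
        port = int(tok)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        ports.add(port)
    return sorted(ports)


def missing_required(ports: Iterable[int], required: Iterable[int]) -> list[int]:
    """Return the required ports absent from `ports`, i.e. those the new list would close."""
    return sorted(set(required) - set(ports))


def build_set_command(param: str, ports: Iterable[int], required: Iterable[int] = ()) -> str:
    """Render `set <param>="<ports>"` for the firewall interface.

    Raises ValueError if `param` is unknown or the list would drop a required port.
    """
    if param not in FIREWALL_PARAMS:
        raise ValueError(f"unknown firewall parameter: {param}")
    ordered = sorted(set(ports))
    dropped = missing_required(ordered, required)
    if dropped:
        raise ValueError(f"{param}: would close required port(s) {dropped}")
    return f'set {param}="{" ".join(str(p) for p in ordered)}"'


def build_firewall_script(
    allow: dict[str, str], required: dict[str, Iterable[int]] | None = None
) -> list[str]:
    """Produce the full CLI sequence: select the interface, enable it, set each list.

    `allow` maps a parameter name to its port string; `required` maps a parameter
    name to the ports that must remain in that list (stands in for Table 14).
    """
    required = required or {}
    lines = ["use firewall", "set node.enable=yes"]
    for param, value in allow.items():
        lines.append(build_set_command(param, parse_port_list(value), required.get(param, ())))
    return lines


if __name__ == "__main__":
    # Constructed demo: the guide's own example list, with a hypothetical
    # required set standing in for Table 14.
    must_stay_open = {"node.tcp.allow.dest": [22, 80]}
    print("\n".join(build_firewall_script({"node.tcp.allow.dest": "22 23 80 5280"}, must_stay_open)))
    try:
        build_firewall_script({"node.tcp.allow.dest": "23 5280"}, must_stay_open)
    except ValueError as err:
        print("rejected:", err)
```

Paste the printed lines into the EnRoute CLI in order; the script deliberately stops with an error instead of printing a `set` line that would remove a required port.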
12.2 Gateway Firewall
The gateway firewall blocks connections originating outside the mesh cluster from entering the
mesh via the gateway, protecting mesh nodes and their clients from unwanted traffic. The
gateway firewall will permit return traffic for connections that originate inside the mesh cluster
or on mesh clients.
The gateway firewall should only be enabled on EnRoute500 units that are configured as
gateways. The gateway firewall can also be enabled on a repeater node, but there it has
no effect on the traffic flowing through the node's Ethernet interface.
If you have enabled NAT (see section 11.2) on the Ethernet interface 'eth0', you will
have an implicit firewall that limits the type of inbound connections that are possible.
CLI
The state of the gateway firewall is controlled with the 'gateway' parameter in the 'firewall'
interface. Enable the gateway firewall with