User manual
20: Configuring firewall
# ESP protocol
config rule
    option src wan
    option dest lan
    option proto esp
    option target ACCEPT
The rule above accepts ESP (IP protocol 50) forwarded from the wan zone into the lan zone. If the IPsec tunnel terminates on the router itself, omit option dest so that the rule matches traffic addressed to the router. IKE (ISAKMP) key negotiation runs over UDP port 500, so in most configurations you also have to accept that traffic:
# ISAKMP protocol
config rule
    option src wan
    option dest lan
    option proto udp
    option src_port 500
    option dest_port 500
    option target ACCEPT
The src_port 500 match assumes the peer sends from port 500; if the peer is behind NAT its source port may be rewritten, in which case omit the src_port line. When NAT traversal (NAT-T) is negotiated, IKE and ESP are both carried in UDP on port 4500, and that port must be opened in the same way.
20.10.13 Manual iptables rules
Traditional iptables rules, written in standard iptables command form, can be placed in an external file that is included from the firewall configuration. Several files can be included in this way. Each included file is executed as a shell script by the firewall service, with root privileges, every time the firewall is started or restarted, so it must be owned by root and not writable by other users.
config include
option path /etc/firewall.user
config include
option path /etc/firewall.vpn
The syntax used in included files is standard iptables syntax, not UCI syntax; it is documented in the iptables man page and by the netfilter project. Because an included file runs after the UCI-generated rules are in place, a rule appended with -A to a built-in chain lands after the zone rules and may never be reached for traffic arriving on a zoned interface; insert it with -I where it must take precedence.
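As an added example that is not from the GW1000 manual or from Virtual Access firmware, covering both the IPsec rules above and the include mechanism: the following is possible content for an included file such as /etc/firewall.user that opens the same IPsec traffic with raw iptables commands. It assumes the tunnel terminates on the router itself, that the WAN interface is eth1 (the hypothetical WAN_IF variable overrides it), that the firewall's own zone jumps already occupy the INPUT chain, and that the installed iptables supports -C and -S. It also opens UDP/4500 for NAT traversal, which the UCI examples above do not cover.

```shell
#!/bin/sh
# Example contents for an included file such as /etc/firewall.user (added example,
# not from the manual or the firmware). Assumptions: WAN interface eth1 (override
# with WAN_IF), tunnel terminating on the router, iptables supporting -C and -S.

WAN_IF="${WAN_IF:-eth1}"
IPT="${IPT:-iptables}"

# The IPsec rule set as iptables arguments, one rule per line. This mirrors the
# UCI rules: ESP (IP protocol 50) and IKE on UDP/500, plus UDP/4500 for NAT-T.
ipsec_rules() {
    wan="$1"
    printf '%s\n' \
        "INPUT -i $wan -p esp -j ACCEPT" \
        "INPUT -i $wan -p udp --dport 500 -j ACCEPT" \
        "INPUT -i $wan -p udp --dport 4500 -j ACCEPT"
}

# Render the exact commands that would be run. Rules are inserted (-I) rather
# than appended (-A): the firewall's zone jumps already sit in INPUT, so a rule
# appended after them is never reached for traffic from a zoned interface.
render_commands() {
    ipsec_rules "$1" | while IFS= read -r rule; do
        echo "$IPT -I $rule"
    done
}

# Only touch the kernel if iptables can actually read the filter table here
# (root with CAP_NET_ADMIN) and no dry run was requested.
can_apply() {
    [ "${DRY_RUN:-0}" != "1" ] && "$IPT" -S INPUT >/dev/null 2>&1
}

# Apply each rule idempotently: -C checks for an identical existing rule, so
# running the file twice does not create duplicates.
apply_rules() {
    wan="$1"
    if ! can_apply; then
        echo "iptables not usable here; printing commands instead:" >&2
        render_commands "$wan"
        return 0
    fi
    ipsec_rules "$wan" | while IFS= read -r rule; do
        # shellcheck disable=SC2086
        "$IPT" -C $rule 2>/dev/null || "$IPT" -I $rule
    done
}

apply_rules "$WAN_IF"
```

Run as root on the router, the file applies the rules; anywhere else, or with DRY_RUN=1, it prints the commands it would run so they can be reviewed first. Prefer UCI rules for anything UCI can express: rules added from an included file bypass zone handling and are invisible to the UCI tooling.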
20.11 Firewall management
After a configuration change, firewall rules are rebuilt by entering:
root@VA_router:/# /etc/init.d/firewall restart
Executing the following command flushes all rules and sets the policy of every standard chain to ACCEPT. Because all rules are flushed, this also removes NAT and any port forwards and leaves the router and the LAN reachable from the WAN; use it only for troubleshooting and restart the firewall as soon as possible:
root@VA_router:/# /etc/init.d/firewall stop
To manually start the firewall, enter:
© Virtual Access 2015
GW1000 Series User Manual
Issue: 2.4 Page 140 of 255