LANCOM Router Firewall Configuration: Difference between revisions
Revision as of 29 March 2021, 08:50
https://support.lancom-systems.com/knowledge/pages/viewpage.action?pageId=32982115
Firewall rules for AddIn
General services:
cd /
cd /Setup/IP-Router/Firewall/Rules
del *
# Name Prot. Source Destination Action LB-Policy Linked Prio Firewall-Rule VPN-Rule Stateful Src-Tag Rtg-tag Comment
# ==================================-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "WINS" {Prot.} "TCP UDP" {Source} "NETBIOS ANYHOST" {Destination} "ANYHOST" {Action} "INTERNET-FILTER" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "block NetBIOS/WINS name resolution via DNS"
add "ALLOW-VPN" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "IPSEC ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "ALLOW-DNS" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "DNS ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "ALLOW-INET" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "MAIL HTTP HTTPS ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "DENAY-ALL" {Prot.} "ANY" {Source} "ANYHOST" {Destination} "ANYHOST" {Action} "INTERNET-FILTER" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "CONTENT-FILTER" {Prot.} "TCP" {Source} "LOCALNET" {Destination} "WEB ANYHOST" {Action} "CONTENT-FILTER-BASIC" {LB-Policy} "" {Linked} No {Prio} 9999 {Firewall-Rule} No {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "pass web traffic to Content-Filter"
cd /
Additionally, allow all traffic from a specific network "Produktiv" into a VPN tunnel:
cd /Setup/IP-Router/Firewall/Rules
add "IGEL" {Prot.} "ANY" {Source} "%LPRODUKTIVNETZ" {Destination} "%HPRODU@Z_RZGA_M" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 100 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
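An added example, not part of the original wiki page and not LANCOM tooling: a small Python parser for the `add "NAME" {Field} value` lines shown above. It lists ACCEPT rules that permit every protocol to a station object and checks that a non-ACCEPT catch-all rule exists. The split between station and service object names is an assumption based on the names used on this page.

```python
import shlex

# Rule lines copied from the page; the selection of lines is a constructed sample.
SAMPLE = r'''
cd /Setup/IP-Router/Firewall/Rules
# Name Prot. Source Destination Action LB-Policy Linked Prio Firewall-Rule VPN-Rule Stateful Src-Tag Rtg-tag Comment
add "ALLOW-DNS" {Prot.} "ANY" {Source} "LOCALNET" {Destination} "DNS ANYHOST" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "DENAY-ALL" {Prot.} "ANY" {Source} "ANYHOST" {Destination} "ANYHOST" {Action} "INTERNET-FILTER" {LB-Policy} "" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
add "IGEL" {Prot.} "ANY" {Source} "%LPRODUKTIVNETZ" {Destination} "%HPRODU@Z_RZGA_M" {Action} "ACCEPT" {LB-Policy} "" {Linked} No {Prio} 100 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} ""
'''

# Assumption: these names (and anything starting with "%") are station objects;
# every other object in a Destination field is treated as a service object.
STATION_OBJECTS = {"ANYHOST", "LOCALNET"}


def parse_rules(script):
    """Turn each 'add "NAME" {Field} value ...' line into a dict of fields."""
    rules = []
    for line in script.splitlines():
        if not line.strip().startswith("add "):
            continue  # skips cd/del commands and '#' header lines
        tokens = shlex.split(line)  # honours double-quoted values, including ""
        rule = {"Name": tokens[1]}
        rest = tokens[2:]
        for key, value in zip(rest[0::2], rest[1::2]):
            rule[key.strip("{}")] = value
        rules.append(rule)
    return rules


def broad_accepts(rules):
    """Names of ACCEPT rules with Prot. ANY and no service object in Destination."""
    names = []
    for r in rules:
        dest = r.get("Destination", "").split()
        only_stations = all(o in STATION_OBJECTS or o.startswith("%") for o in dest)
        if r.get("Action") == "ACCEPT" and r.get("Prot.") == "ANY" and only_stations:
            names.append(r["Name"])
    return names


def has_catch_all(rules):
    """True if an ANYHOST -> ANYHOST rule exists whose action is not ACCEPT."""
    return any(r.get("Source") == "ANYHOST" and r.get("Destination") == "ANYHOST"
               and r.get("Action") != "ACCEPT" for r in rules)


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    print("allow-all ACCEPT rules:", broad_accepts(parsed))
    print("catch-all present:", has_catch_all(parsed))
```

What the `INTERNET-FILTER` action object actually does is defined elsewhere in the router configuration, so the catch-all check only confirms that the rule does not accept traffic outright.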