Router Installation and Configuration Manual/Configuring Services: Firewall Menu

From ImageStream Router Documentation

This chapter describes how to configure the ImageStream router to use Linux's standard iptables utility. iptables is used for network and router security and for traffic filtering, including proxy redirection and firewalling using Network Address Translation (NAT). This chapter includes the following topics:
  • Configuring firewalls using iptables
  • Enabling firewall at boot-time
  • Disabling firewall at boot-time
  • Instating firewall rules
  • Clearing firewall rules
  • Restoring the factory default firewall configuration
After logging in, the main menu is displayed (your menu may look slightly different):
     ISis-Router main menu 
     1. Configuration menu 
     2. Show interface status 
     3. Advanced 
     4. Router software management 
     5. Backup/Restore 
     6. halt/reboot 
     0. Log off 
Select menu option 1, Configuration menu, and press Enter to configure the router. The Configuration menu should appear (your menu may look slightly different):
     Configuration menu 
     1. AAA (Password) Configuration 
     2. Global configuration 
     3. Network interface configuration 
     4. Firewall and QOS configuration 
     5. Service configuration 
     6. Dynamic routing configuration 
     7. Save configuration to flash 
     0. ISis-Router main menu 
Select menu option 4, Firewall and QOS configuration, and press Enter to configure the router's firewall and QOS configuration settings. The Firewall and QOS Configuration menu will be displayed (again, your menu may look slightly different):
     Firewall and QOS configuration 
     1. QOS Menu (diffserv), (instated) 
     2. Firewall (iptables), (instated) 
     0. Configuration menu 
Select menu option 2, Firewall, and press Enter to configure the router's firewall setting. The Firewall menu will be displayed (again, your menu may look slightly different):
     Firewall (iptables), (instated) 
     1. Configure firewall rules 
     2. Enable firewall on boot 
     3. Disable firewall on boot 
     4. Instate firewall rules 
     5. Clear firewall rules 
     6. Display rules and packet counters 
     7. Restore to default configuration 
     0. Firewall and QOS configuration 
Select menu option 1, Configure firewall rules, and press Enter to configure the router's firewall settings. This will open the default firewall configuration file in your default text editor (your file may look slightly different):
The first line of the file:
     #!/bin/sh
must remain unchanged. This line indicates to the router that the lines in the file are part of a shell script. Lines that begin with a # are comments and will not be processed by the router. You may add comments anywhere in the file. There is no limit on the number of comments you may have in a particular file, provided that you have enough system memory and flash space to store the file.

Configuring Firewalls and Packet Filtering using IPTABLES

ImageStream provides several complete tutorials in the Technical Notes section of its support Web site to assist you in configuring your firewall settings. The default configuration file also includes some common examples.
Once you have entered all of the firewall and packet filtering rules in this file, save the file by pressing Control-X. If you have made changes to the file, the router will prompt you to save the file at the bottom of the screen:
     Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ? Y Yes N No	^C Cancel
Press Y on your keyboard. The router will prompt you for a file name:
     File Name to write: /etc/rc.d/rc.firewall ^C Cancel 
You should accept the default filename. If you choose to save the file in a different location, the router will not automatically locate the file and instate any changes. Press Enter on the keyboard to accept the default. The ^C notation indicates the key combination Control-C. You may press Control-C at any time during the save process to return to the file.
Note: You must save the settings to the router's non-volatile flash memory! If the router is rebooted before saving, your changes will be lost! See Chapter 26, "Backup/Restore Menu: Managing Configurations" for more information.
Once you have saved the file by pressing Enter, the router will display:
     Instating firewall rules...done. 
and return you to the firewall menu:
     Firewall (iptables), (instated) 
     1. Configure firewall rules 
     2. Enable firewall on boot 
     3. Disable firewall on boot 
     4. Instate firewall rules 
     5. Clear firewall rules 
     6. Display rules and packet counters 
     7. Restore to default configuration 
     0. Firewall and QOS configuration
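
Because saving the file instates the rules immediately, it is worth checking the script before the save prompt. The following pre-save check is an added example (not ImageStream's code and not the factory default file): it verifies the required first line, parses the script without running it, and flags an INPUT policy of DROP that has no ACCEPT rule. The function names, the sample rules, `eth0` and the 192.168.1.x addresses are assumptions.

```shell
# check_rc_firewall FILE
# Reviews a candidate firewall script before it is saved as /etc/rc.d/rc.firewall.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_rc_firewall() {
    f=$1
    rc=0
    # The manual requires the first line to stay exactly "#!/bin/sh".
    if [ "$(head -n 1 "$f")" != '#!/bin/sh' ]; then
        echo "first line is not #!/bin/sh"; rc=1
    fi
    # Parse without executing (sh -n): catches unbalanced quotes, missing fi/done.
    if ! sh -n "$f" 2>/dev/null; then
        echo "shell syntax error"; rc=1
    fi
    # Added lockout heuristic (not from the manual): an INPUT policy of DROP with
    # no ACCEPT rule in INPUT cuts off management access once the rules are instated.
    if grep -Eq '^[^#]*iptables +-P +INPUT +DROP' "$f" &&
       ! grep -Eq '^[^#]*iptables +-[AI] +INPUT .*-j +ACCEPT' "$f"; then
        echo "INPUT policy DROP without any INPUT ACCEPT rule"; rc=1
    fi
    return "$rc"
}

# Constructed sample script; the interface name and addresses are assumptions.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# Allow return traffic and SSH from the admin workstation, drop other input.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 192.168.1.10 -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
# Translate LAN addresses when forwarding out of the WAN interface.
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
if check_rc_firewall "$tmp"; then
    echo "sample passes the checks"
fi
rm -f "$tmp"
```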

Enabling Firewall Rules at Boot-time

2. Enable firewall on boot
Selecting this menu option causes the firewall rules to be instated whenever the router boots. It does not instate the rules if the firewall is not currently running; in that case they take effect only after the router is rebooted. By default, the firewall configuration is enabled on boot. To enable firewall on boot, select this menu option by pressing 2 and Enter. The router will display the following message:
     firewall enabled on boot. 
If the firewall configuration has already been enabled on boot, the router will display the message:
     firewall already enabled on boot. 
The resulting messages will only be displayed for a few seconds, and then you will be returned to the Firewall menu.

Disabling Firewall Rules at Boot-time

3. Disable firewall on boot
Selecting this menu option prevents the firewall rules from being instated when the router boots. It does not remove rules that are currently running; they remain in effect until the router is rebooted. To disable the firewall rules on boot, select this menu option by pressing 3 and Enter. The router will display the following message:
     firewall disabled on boot. 
If the firewall configuration has already been disabled on boot, the router will display the message:
     firewall already disabled on boot. 
The resulting message will only be displayed for a few seconds, and then you will be returned to the Firewall menu.

Instating Firewall Rules

4. Instate firewall rules
Selecting this menu option instates the firewall configuration on the router. Instating the firewall configuration does not automatically enable the firewall rules when the router is booted. To instate the firewall rules, select this menu option by pressing 4 and Enter. The router will display the following message:
     Instating firewall rules...done. 
The message will only be displayed for a few seconds, and then you will be returned to the Firewall menu.

Clearing Firewall Rules

5. Clear firewall rules
Selecting this menu option clears the firewall configuration on the router. Clearing the firewall configuration does not automatically disable the firewall rules when the router is booted. To clear the firewall rules, select this menu option by pressing 5 and Enter. The router will display the following message:
     Clearing firewall rules...done. 
The message will only be displayed for a few seconds, and then you will be returned to the Firewall menu.

Restoring the Factory Default Firewall Configuration

6. Restore to default configuration
Selecting this menu option removes the stored firewall configuration from the router's non-volatile flash memory. Selecting this menu option and confirming your selection will remove any user-defined firewall configurations from the router. This will not instate or clear any of the rules, and will not enable or disable firewall rules. Selecting this option will restore the router to the factory default firewall configuration only.
To restore the factory default firewall rules, select this menu option by pressing 6 and Enter. The router will display this confirmation menu:
     Set default config for firewall? 
     1. Yes 
     2. No 
     0. Quit 
Pressing 2 or 0 and Enter will return you to the "Firewall menu" without making any changes to the configuration. Confirm your decision to restore the factory default firewall configuration by pressing 1 and Enter. The following message will be displayed:
     firewall returned to default configuration. 
     Press enter/return to continue 
Pressing Enter returns you to the Firewall menu.

Returning to the Firewall and QOS Menu

0. Firewall and QOS configuration

Selecting this menu option returns you to the "Firewall and QOS configuration" menu. To return to the Firewall and QOS configuration menu, press 0 and Enter. The router will display the Firewall and QOS configuration menu:
     Firewall and QOS configuration 
     1. QOS Menu (diffserv), (instated) 
     2. Firewall (iptables), (instated) 
     0. Configuration menu