Security through NAT and stateful inspection

If no other firewall rule has been entered, the local network is protected by the interaction of network address translation and stateful inspection: only connections initiated from the local network generate an entry in the NAT table, whereupon the device opens a communication port. Stateful inspection monitors the communication over this port: only packets belonging to this connection may pass through it. Attempts to access the local network from outside are met with an implicit deny-all strategy.

Important: If you operate a server on your LAN that is made accessible from the Internet by means of entries in the service table, then stations from the Internet can establish connections to this server from the outside. In this case, inverse masquerading takes precedence over the firewall unless an explicit deny-all rule has been set up.
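The decision logic described in the two paragraphs above, as an added example that is not LANCOM code and does not reproduce LCOS internals. It is a simplified model of inbound handling only; the class, field names, addresses and ports are constructed, and the allow rule that readmits a published server under an explicit deny-all strategy is an assumption of the model.

```python
# Simplified model of NAT + stateful inspection + service table (added example).
from dataclasses import dataclass, field

@dataclass
class Router:
    explicit_deny_all: bool = False                     # explicit deny-all rule configured?
    service_table: dict = field(default_factory=dict)   # wan_port -> (lan_ip, lan_port)
    allow_rules: set = field(default_factory=set)       # (lan_ip, lan_port) allowed (model assumption)
    nat_table: dict = field(default_factory=dict)       # wan_port -> (lan_ip, lan_port, peer_ip, peer_port)
    next_port: int = 40000                              # next masqueraded source port

    def outbound(self, lan_ip, lan_port, peer_ip, peer_port):
        """A LAN host opens a connection: create the NAT entry, return the WAN port."""
        wan_port = self.next_port
        self.next_port += 1
        self.nat_table[wan_port] = (lan_ip, lan_port, peer_ip, peer_port)
        return wan_port

    def inbound(self, src_ip, src_port, wan_port):
        """Return the (lan_ip, lan_port) a WAN packet is delivered to, or None if dropped."""
        entry = self.nat_table.get(wan_port)
        if entry is not None:
            lan_ip, lan_port, peer_ip, peer_port = entry
            # Stateful inspection: only the peer of this connection may use the port.
            if (src_ip, src_port) == (peer_ip, peer_port):
                return (lan_ip, lan_port)
            return None
        target = self.service_table.get(wan_port)
        if target is not None:
            # Inverse masquerading wins unless an explicit deny-all rule exists;
            # with deny-all, the server is reachable only through an allow rule.
            if self.explicit_deny_all and target not in self.allow_rules:
                return None
            return target
        return None  # no NAT entry, no service entry: implicit deny-all

if __name__ == "__main__":
    r = Router(service_table={443: ("192.168.1.10", 443)})  # constructed server entry
    p = r.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    print("reply from peer     :", r.inbound("198.51.100.7", 443, p))
    print("stranger, same port :", r.inbound("198.51.100.99", 443, p))
    print("unsolicited, port 22:", r.inbound("198.51.100.99", 5555, 22))
    print("published server    :", r.inbound("198.51.100.99", 5555, 443))
    r.explicit_deny_all = True
    print("server, deny-all    :", r.inbound("198.51.100.99", 5555, 443))
```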

Transferring firewall rules with scripts

Firewall rules can be easily and conveniently transferred via scripts across device and software versions. Explicit example scripts can be found in the LANCOM Knowledge Base.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
