Rules

Command line: Setup > IP-Router > Firewall > Rules

The rules table links various pieces of information on a firewall rule. The rule contains the protocol to be filtered, the source, the destination and the firewall action to be executed. For every firewall rule there is also an on/off switch, a priority, the option to link with other rules, and activation of the rule for VPN connections.

Note: The routing tag 0 means 'do not mark'. If the device is to route data packets to a network tagged with 0, please enter 65535 here.

The firewall is configured using objects. The % notation described below is only necessary for defining objects or actions.

Note: Existing firewalls in the % notation are not automatically converted to the object-oriented form. However, the LANCOM Knowledge Base contains the pre-defined firewall settings used by the new objects.
Note: Devices with firmware version 7.6 or later are automatically pre-defined with the main firewall objects. When processing older configurations with LANconfig, the firewall's standard objects are added automatically.

The firmware uses a special syntax to define firewall rules. This syntax enables the representation of complex interrelationships for the testing and handling of data packets in the firewall with just a few characters. The rules are defined in the rules table. Pre-defined objects can be stored in two further tables so that frequently used objects do not have to be entered into the firmware syntax every time:

Note: The objects from these tables can be used for rule definition, although this is not compulsory. They merely simplify the use of frequently used objects.

The definition of a firewall rule can contain entries from the object table (for protocols, services and stations) and from the action table (for firewall actions), as well as direct definitions in the appropriate firmware syntax (e.g. %P6 for TCP).

Note: For direct input of level parameters in the firmware syntax, the same rules apply as specified for protocols, source/destination and firewall actions.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
