Re: Westell 327W Firewall - dslreports.com

Author	All Replies
The Hammer join:2009-07-09	reply to impala Re: Westell 327W Firewall OK, now my inbound firewall rules look like: title [ Security Level Custom (Low) IN rules ] begin # Drop and Log Packets with Time to Live (TTL) of 0 or 1 TTL #drop match 3 8 { 01:FE } >> done, alert 4 [TTL of 0 or 1] drop match 3 8 { 00:FF } >> done, alert 4 [TTL of 0] drop match 3 8 { 01:FF } >> done, alert 4 [TTL of 1] # Drop and Log Packets of Prohibited Source Address Address drop from addr 0.0.0.0 >> done, alert 4 [0.0.0.0 Source IP Address] # Internet Control Message Protocol (ICMP) # Pass Specific ICMP Types, Drop and Log all Unsolicited ICMP ICMP pass protocol icmp, icmp-type exceeded >> done # Type: 11 (allow TTL exceeded reply (trace route)) drop protocol icmp, icmp-type reply >> done, alert 3 [ICMP Message To WAN IP - Echo Reply - Dropped] # Type: 0 (block echo (ping) reply) drop protocol icmp, icmp-type exceeded >> done, alert 3 [ICMP Message To WAN IP - TTL Exceeded - Dropped] # Type: 11 (block TTL exceeded reply (trace route)) drop protocol icmp, icmp-type unreachable >> done, alert 3 [ICMP Message To WAN IP - Dst Unreachable - Dropped] # Type: 3 (block unreachable reply) drop protocol icmp, icmp-type request >> done, alert 3 [ICMP Message To WAN IP - Echo Request - Dropped] # Type: 8 (block echo (ping) requests) drop protocol icmp >> done, alert 3 [ICMP Message To WAN IP - Dropped] # Type: (block all others) #pass to port 20 >> state, done # FTP #pass from port 20 >> state, done # FTP #pass to port 21 >> state, done # FTP #pass from port 21 >> state, done # FTP # Permit All Inbound Packets That Are Not Explicitly Denied or That Have a Matching Session State Table Entry. Permitted pass all end I will try it and see what happens. Thanks. Shouldn't I delete the '#' pound sign at the beginning of each? Doesn't the # sound disable the line? As to the other posts that are helping me with the Mac, my question was confusing. The firewall I am trying to configure is not the Mac firewall, but the firewall on the Westell 327W DSL Modem / Router. Thanks.
The Hammer join:2009-07-09	to forum · permalink · · 2009-07-09 16:44:22 ·
impala join:2008-03-08 Clemson, SC ·AT&T Southeast	said by The Hammer : Shouldn't I delete the '#' pound sign at the beginning of each? Doesn't the # sound disable the line? correct. delete the # to activate the rule
impala join:2008-03-08 Clemson, SC ·AT&T Southeast	to forum · permalink · · 2009-07-10 10:03:12 ·


Saturday, 28-Nov 22:03:46	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF