Technicolor - Thomson 610 User Manual

2 SpeedTouch™ 610 Remote Access
Application Note Ed. 01
2.5 SpeedTouch™ 610 Controlled Access
Introduction
In sections  the methods for allowing remote management of the SpeedTouch™ 610 by a remote host or network on the WAN are described.
Generally, the method consisted of changing or adding firewall rules against which the packets arriving at or leaving the SpeedTouch™ 610 from or to the WAN are checked.
Regarding the local network, no restrictions exist at all by default.
However, in many cases where the SpeedTouch™ 610 is remotely managed it is useful to restrict access to the device from the local network, to avoid potential misconfiguration of the device and/or interference with the remote management tasks.
The SpeedTouch™ 610 firewall provides various means to restrict access from the LAN.
Default firewall configuration vs LAN
No restrictions at all apply to packets arriving at the SpeedTouch™ 610 IP host from the local network, due to the following two primary rules in the sink chain:

    chain=sink index=0 srcintf="eth0" srcbridgeport=!1 action=drop
    chain=sink index=1 srcintfgrp=!wan action=accept

Equally, no restrictions apply to packets leaving the SpeedTouch™ 610 IP host towards the local network, due to the following primary rule in the source chain:

    chain=source index=0 srcintfgrp=!wan action=accept

Restricting all SpeedTouch™ 610 access for the local network
Forbidding all contact between the SpeedTouch™ 610 IP host and the local network can simply be done by deleting these three rules.
Note
Do not perform this operation via a Telnet session or via the SpeedTouch™ 610 web pages, as deleting the rules takes effect immediately: all direct IP connectivity to the device will be lost, including the session you are working from. Therefore, perform this operation only from CLI access via the serial Console port.
Doing so will not affect the forwarding and routing functionality of the SpeedTouch™ 610, but local hosts will no longer be able to ping, FTP or Telnet to the SpeedTouch™ 610 or browse its web pages.
However, before local users experience the same behaviour from the services delivered by the SpeedTouch™ 610, two internal SpeedTouch™ 610 services should be made available to the "outside" again:
For correct operation of the SpeedTouch™ 610 DNS server towards the local network, the following rule must be added to the source chain:

    chain=source index=1 prot=tcp srcport=dns action=accept

This rule makes sure that name resolutions performed by the SpeedTouch™ 610 can be propagated to the requesting (local) host. Note that the rule covers only the device-to-LAN direction and only the protocol it names; since conventional DNS queries travel over UDP port 53, check that the protocol in the rule matches the transport your local resolvers actually use before relying on it.
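To make the effect of the three default rules, their deletion and the added DNS rule concrete, the following stateless model evaluates the sink and source chains exactly as a first-match rule list with `!` negation and index ordering. It is an added example written for this page, not SpeedTouch or Thomson code, and it assumes several things the application note does not state: a chain with no matching rule drops the packet (inferred from the note that deleting the rules loses all direct IP connectivity); the LAN side is interface "eth0", bridge port 1, interface group "lan"; the WAN side is interface "atm_0" in group "wan"; the symbolic port name "dns" means 53; and, for the source chain, the same interface fields are applied to the LAN-bound packet, as the text implies. The sample packets are constructed for the example.

```python
"""Stateless model of the SpeedTouch 610 sink/source firewall chains.

Added example, not SpeedTouch/Thomson code. Assumed (not on the page):
end-of-chain action is drop; LAN = "eth0"/bridge port 1/group "lan";
WAN = "atm_0"/group "wan"; symbolic port "dns" = 53.
"""
import re
from dataclasses import dataclass

DEFAULT_ACTION = "drop"        # assumed end-of-chain policy
SERVICE_PORTS = {"dns": 53}    # assumed mapping for symbolic port names

# The three default rules quoted in the application note.
DEFAULT_RULES = """\
chain=sink index=0 srcintf="eth0" srcbridgeport=!1 action=drop
chain=sink index=1 srcintfgrp=!wan action=accept
chain=source index=0 srcintfgrp=!wan action=accept
"""
# The DNS rule the note says to add after the lockdown.
DNS_REPLY_RULE = "chain=source index=1 prot=tcp srcport=dns action=accept"


@dataclass
class Packet:
    srcintf: str = ""
    srcintfgrp: str = ""
    srcbridgeport: int = 0
    prot: str = ""
    srcport: int = 0


@dataclass
class Rule:
    chain: str
    index: int
    action: str
    matches: dict  # field name -> (expected value, negated?)


_TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _typed(key, value):
    """Convert a listing value to the type the packet field uses."""
    if key == "srcbridgeport":
        return int(value)
    if key in ("srcport", "dstport"):
        return SERVICE_PORTS[value] if value in SERVICE_PORTS else int(value)
    return value


def parse_rule(line):
    """Parse one 'key=value ...' line of a rule listing into a Rule."""
    fields = dict(_TOKEN.findall(line))
    chain, index, action = fields.pop("chain"), int(fields.pop("index")), fields.pop("action")
    matches = {}
    for key, raw in fields.items():
        negated = raw.startswith("!")      # a '!' prefix inverts the match
        value = raw[1:] if negated else raw
        matches[key] = (_typed(key, value.strip('"')), negated)
    return Rule(chain, index, action, matches)


def parse_rules(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip()]


def rule_matches(rule, packet):
    """Every match field must agree with the packet (disagree when negated)."""
    for key, (expected, negated) in rule.matches.items():
        if (getattr(packet, key) == expected) == negated:
            return False
    return True


def evaluate(rules, chain, packet):
    """First matching rule in index order decides; otherwise DEFAULT_ACTION."""
    for rule in sorted((r for r in rules if r.chain == chain), key=lambda r: r.index):
        if rule_matches(rule, packet):
            return rule.action
    return DEFAULT_ACTION


def delete_rules(rules, chain_indexes):
    """Remove the rules identified by (chain, index), as the lockdown step does."""
    return [r for r in rules if (r.chain, r.index) not in chain_indexes]


def lan_access_scenarios():
    """Walk the page's procedure: default config, lockdown, DNS exception."""
    rules = parse_rules(DEFAULT_RULES)
    lan_ping = Packet("eth0", "lan", 1, "icmp")        # LAN host -> device (constructed)
    other_port = Packet("eth0", "lan", 2, "icmp")      # eth0 bridge, port other than 1
    wan_ping = Packet("atm_0", "wan", 0, "icmp")       # WAN host -> device
    to_lan_icmp = Packet("eth0", "lan", 1, "icmp")     # device -> LAN host
    to_lan_dns = Packet("eth0", "lan", 1, "tcp", 53)   # device DNS reply -> LAN host
    out = {
        "default_lan_to_device": evaluate(rules, "sink", lan_ping),
        "default_other_bridgeport": evaluate(rules, "sink", other_port),
        "default_wan_to_device": evaluate(rules, "sink", wan_ping),
        "default_device_to_lan": evaluate(rules, "source", to_lan_icmp),
    }
    locked = delete_rules(rules, {("sink", 0), ("sink", 1), ("source", 0)})
    out["locked_lan_to_device"] = evaluate(locked, "sink", lan_ping)
    out["locked_device_to_lan"] = evaluate(locked, "source", to_lan_icmp)
    with_dns = locked + [parse_rule(DNS_REPLY_RULE)]
    out["locked_dns_reply"] = evaluate(with_dns, "source", to_lan_dns)
    out["locked_icmp_reply"] = evaluate(with_dns, "source", to_lan_icmp)
    return out


if __name__ == "__main__":
    for name, verdict in lan_access_scenarios().items():
        print(f"{name:28s} {verdict}")
```

Running the script shows the default rules accepting LAN traffic in both directions while the index 0 rule drops eth0 frames from a bridge port other than 1, the lockdown dropping everything between the device and the LAN, and the added source-chain rule letting only the device's TCP port 53 replies through while a device-originated ping to the LAN stays blocked. Because the model is stateless and evaluates only the rules given, it is a way to preview a rule change before typing it at the serial console, not a substitute for the device's own behaviour.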