Tranzeo Wireless Technologies Inc GNVPZ1NT3 User Manual
Chapter 15: Controlling Access to the EnRoute500
TR0153 Rev. E1
CLI
The firewall is enabled by selecting the ‘firewall’ interface and setting the ‘node.enable’
parameter.
> use firewall
firewall> set node.enable=yes
Lists of allowed source and destination ports for inbound TCP and UDP traffic can be
specified. These lists can be set with the following parameters in the ‘firewall’ interface:
• node.tcp.allow.dest
• node.tcp.allow.source
• node.udp.allow.dest
• node.udp.allow.source
The list of allowed ports must be a space-delimited string enclosed in quotes. The example
below sets the allowed TCP destination ports.
> use firewall
firewall> set node.tcp.allow.dest="22 23 80 5280"
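The following Python example is added here and is not part of the Tranzeo manual. It validates port lists in the space-delimited format described above, renders them as 'set' commands, and compares a recorded command against a baseline; the baseline, the recorded line and all function names are assumptions.

```python
import re

# Parameter names are from the manual; all other names and values are assumptions.
PARAMS = ("node.tcp.allow.dest", "node.tcp.allow.source",
          "node.udp.allow.dest", "node.udp.allow.source")
SET_RE = re.compile(r'^(?:firewall>\s*)?set\s+([\w.]+)=["\u201c\u201d](.*)["\u201c\u201d]$')

def parse_ports(value):
    """Parse a space-delimited port string into a sorted list of unique ints."""
    ports = set()
    for tok in value.split():
        if not (tok.isascii() and tok.isdigit()) or not 1 <= int(tok) <= 65535:
            raise ValueError(f"invalid port {tok!r}")
        ports.add(int(tok))
    return sorted(ports)

def parse_set_line(line):
    """Extract (parameter, ports) from a 'set <param>=<quoted list>' line."""
    m = SET_RE.match(line.strip())
    if not m or m.group(1) not in PARAMS:
        raise ValueError(f"not a port allow-list command: {line!r}")
    return m.group(1), parse_ports(m.group(2))

def render(policy):
    """Return the CLI lines that apply a {parameter: ports} policy."""
    lines = ["use firewall"]
    for param in PARAMS:
        if param in policy:
            ports = parse_ports(" ".join(map(str, policy[param])))
            joined = " ".join(map(str, ports))
            lines.append(f'set {param}="{joined}"')
    return lines

def drift(recorded_lines, baseline):
    """Report ports that recorded 'set' lines allow beyond, or lack from, a baseline."""
    report = {}
    for line in recorded_lines:
        param, ports = parse_set_line(line)
        want = set(baseline.get(param, []))
        extra, missing = sorted(set(ports) - want), sorted(want - set(ports))
        if extra or missing:
            report[param] = {"extra": extra, "missing": missing}
    return report

# Constructed sample: the manual's example line checked against a hypothetical baseline.
RECORDED = ['firewall> set node.tcp.allow.dest="22 23 80 5280"']
BASELINE = {"node.tcp.allow.dest": [22, 80, 5280]}
if __name__ == "__main__":
    print(drift(RECORDED, BASELINE), *render(BASELINE), sep="\n")
```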
Web GUI
It is not possible to configure the state of the firewall or the open firewall ports via the web
interface. The firewall is enabled by default.
15.2 Gateway Firewall
The gateway firewall blocks connections originating outside the mesh neighborhood from
entering the mesh via the gateway, protecting mesh devices and their clients from unwanted
traffic. The gateway firewall will permit return traffic for connections that originate inside the
mesh neighborhood or on mesh clients.
The gateway firewall should only be enabled on EnRoute500s that are configured as
gateways. It is possible to enable the gateway firewall on a repeater device, but it does not
have any effect on the flow of traffic through the device’s Ethernet interface.
If you have enabled NAT (see section 14.2) on the Ethernet interface ‘eth0’, you will
have an implicit firewall that limits the type of inbound connections that are possible.