SnapGear 1.7.8 User Manual

Commonly used interfaces are:

eth0      the LAN port

eth1      the WAN/Internet port

pppX      e.g. ppp0 or ppp1 – a PPP session

ipsecX    e.g. ipsec0, an IPSec interface

The firewall rules deny all packets arriving from the WAN port by default. There are a few
ports open to deal with traffic such as DHCP, VPN services and similar. Any traffic that
does not match the exceptions, however, is dropped.

There are also some specific rules to detect various attacks (smurf, teardrop, etc.).

When outbound traffic (from LAN to WAN) is blocked by custom rules configured in the
GUI, the resultant dropped packets are also logged.

The prefix for all these rules is varied according to their type.

Currently used prefixes for traffic arriving:

Default Deny    Packet didn't match any rule – drop it

Invalid         Invalid packet format detected

Smurf           Smurf attack detected

Spoof           Invalid IP address detected

SynFlood        SynFlood attack detected

Custom          Custom rule dropped outbound packet
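
The prefixes above can be used to triage the system log by rule type and interface. The following is an added example, not taken from the manual: it assumes each entry has the form `kernel: <prefix>: KEY=VALUE ...` with IN, OUT, SRC and DPT fields in the style of Linux netfilter log output, and the sample lines, the host name `gw` and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Prefixes and meanings exactly as listed in the manual's table.
PREFIXES = {
    "Default Deny": "Packet didn't match any rule",
    "Invalid": "Invalid packet format detected",
    "Smurf": "Smurf attack detected",
    "Spoof": "Invalid IP address detected",
    "SynFlood": "SynFlood attack detected",
    "Custom": "Custom rule dropped outbound packet",
}
# ASSUMPTION: entries look like "... kernel: <prefix>: KEY=VALUE ...".
LINE_RE = re.compile(
    r"kernel:\s+(" + "|".join(map(re.escape, PREFIXES)) + r"):\s+(.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_drop(line):
    """Return a dict for a firewall drop entry, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    f = dict(FIELD_RE.findall(m.group(2)))
    return {"prefix": m.group(1), "meaning": PREFIXES[m.group(1)],
            "in": f.get("IN", ""), "out": f.get("OUT", ""),
            "src": f.get("SRC", ""), "dpt": f.get("DPT", "")}

def summarize(lines):
    """Count drops per (prefix, inbound interface)."""
    return Counter((d["prefix"], d["in"])
                   for d in map(parse_drop, lines) if d)

# Constructed sample lines (documentation-range addresses), not device output.
SAMPLE = [
    "Jan 1 00:00:01 gw kernel: Default Deny: IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40000 DPT=23",
    "Jan 1 00:00:02 gw kernel: Default Deny: IN=eth1 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=40001 DPT=445",
    "Jan 1 00:00:03 gw kernel: SynFlood: IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40002 DPT=80",
    "Jan 1 00:00:04 gw kernel: Spoof: IN=eth1 OUT= SRC=192.168.0.5 DST=198.51.100.2 PROTO=UDP SPT=53 DPT=53",
    "Jan 1 00:00:05 gw kernel: Custom: IN=eth0 OUT=eth1 SRC=192.168.0.20 DST=203.0.113.25 PROTO=TCP SPT=50000 DPT=25",
    "Jan 1 00:00:06 gw syslogd: unrelated message",
]

if __name__ == "__main__":
    for (prefix, iface), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {prefix:<12} in={iface}  ({PREFIXES[prefix]})")
```

A Custom entry arriving on eth0 is blocked outbound LAN traffic, while the other prefixes on eth1 are inbound drops from the WAN side, so the two are worth reviewing separately.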

A typical Default Deny: will thus look similar to the following:

Appendix B – System Log
