Firewall, Port forwarding – Ubiquiti Networks PowerBridgM User Manual
Page 41
38
Chapter 5: Network Tab
airOS
™
v5.5.4 User Guide
Ubiquiti Networks, Inc.
Firewall
(Available in Advanced view.) You can configure firewall
rules for the local and external network interfaces. Click
the + button to display the Firewall section.
Enable
Enables firewall functionality.
Enabled
Enables the specific firewall rule. All the added
firewall rules are saved in the system configuration file;
however, only the enabled firewall rules are active on the
device.
Target
To allow packets to pass through the firewall
unmodified, select ACCEPT. To block packets and send no
response, select DROP.
Interface
Select the appropriate interface where the
firewall rule is applied. To apply the firewall rule to all
interfaces, select ANY.
IP Type
Sets which specific Layer 3 protocol type (IP, ICMP,
TCP, UDP) should be filtered.
!
Can be used to invert the Source IP/Mask, Source Port,
Destination IP/Mask, and Destination Port filtering criteria.
For example, if you enable ! (Not) for the specified
Destination Port value 443, then the filtering criteria will
be applied to all the packets sent to any Destination Port
except port 443, which is commonly used by HTTPS.
Source IP/Mask
Check the box and specify the source IP
of the packet (specified within the packet header). Usually
it is the IP of the host system that sends the packets. For
example, if you enter 192.168.1.0/24, you are entering the
range of 192.168.1.0 to 192.168.1.255.
Source Port
Check the box and specify the source port of
the packet (specified within the packet header). Usually it
is the port of the host system application that sends the
packets.
Destination IP/Mask
Check the box and specify the
destination IP of the packet (specified within the packet
header). Usually it is the IP of the system which the packet
is addressed to. For example, if you enter 192.168.1.0/24,
you are entering the range of 192.168.1.0 to 192.168.1.255.
Destination Port
Check the box and specify the
destination port of the packet (specified within the
packet header). Usually it is the port of the host system
application which the packet is addressed to.
Comment
You can enter a brief description of the
purpose for the firewall rule.
All active firewall entries are stored in the FIREWALL chain
of the iptables filter table.
Action
You have the following options:
•
Add
Add a firewall rule.
•
Edit
Make changes to a firewall rule. Click Save to save
your changes.
•
Del
Delete a firewall rule.
Static Routes
(Available in Advanced view.) You can manually add
static routing rules to the system routing table; you can
set a rule that a specific target IP address (or range of IP
addresses) passes through a specific gateway. Click the +
button to display the Static Routes section.
Enabled
Enables the specific static route. All the added
static routes are saved in the system configuration file;
however, only the enabled static routes are active on the
device.
Target Network IP
Specify the IP address of the
destination.
Netmask
Specify the netmask of the destination.
Gateway IP
Specify the IP address of the gateway.
Comment
You can enter a brief description of the
purpose for the static route.
Action
You have the following options:
•
Add
Add a static route.
•
Edit
Make changes to a static route. Click Save to save
your changes.
•
Del
Delete a static route.
Port Forwarding
Port forwarding allows specific ports of the hosts on the
local network to be forwarded to the external network
(WAN). This is useful for a number of applications (such
as FTP servers, VoIP, gaming) that require different host
systems to be seen using a single common IP address/
port. Click the + button to display the Port Forwarding
section.
Enabled
Enables the specific port forwarding rule. All
the added port forwarding rules are saved in the system
configuration file; however, only the enabled port
forwarding rules are active on the device.
Private IP
The IP address of the local host that needs to
be accessible from the external network.
Private Port
The TCP or UDP port of the application
running on the local host. The specified port will be
accessible from the external network.