Firewall Scripts 15, Introduction 15.1, Firewall Script Syntax 15.2 – Westermo MR Series User Manual

6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

15 Firewall Scripts

15.1 Introduction

A “firewall” is a protection system designed to prevent access to your local area network by
unauthorised “external” parties, i.e. other users of the internet or another wide area network. It
may also limit the degree of access local users have to external network resources. A firewall does
not provide a complete security solution; it provides only one element of a fully secure system.
Consideration should also be given to the use of user authentication and data encryption. Refer to
the IPSec section for further information.

In simple terms, a firewall is a packet filtering system that allows or prevents the transmission of
data (in either direction) based on a set of rules. These rules can allow filtering based on the
following criteria:

- source and destination IP addresses
- source and destination IP port or port ranges
- type of protocol in use
- direction of the data (in or out)
- interface type
- the eroute the packet is on
- if an interface is OOS (out of service)
- ICMP message type
- TCP flags (SYN, ACK, URG, RESET, PUSH, FIN)
- TOS field
- status of a link and/or data packets on UDP/TCP and ICMP protocols

In addition to providing comprehensive filtering facilities, Westermo routers also allow you to
specify rules relating to the logging of information for audit/debugging purposes. This information
can be logged to a pseudo-file on the unit called FWLOG.TXT, to the EVENTLOG.TXT pseudo-file or to a
syslog server. It can also be used to generate SNMP traps.

15.2 Firewall Script Syntax

A firewall must be individually configured to match the needs of authorised users and their
applications. On Westermo routers the rules governing firewall behaviour are defined in a script file
called FW.TXT. Each line in this file consists of a label definition, a comment or a filter rule.

15.2.1 Labels

A label definition is a string of up to 12 characters followed by a colon. Labels can only include
letters, digits and the underscore character and are used in conjunction with the break option to
cause the processing of the script to jump to a new location.

15.2.2 Comments

Any line starting with the hash character (“#”) is deemed to be a comment and ignored.
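The following added example (not from the manual or from Westermo) is a small lint pass over an FW.TXT script that classifies each line as a comment, a label definition or a filter rule using the constraints above, and reports labels that are too long, contain illegal characters or are defined twice. Treating empty lines as blank, and the placeholder rule lines in the constructed sample, are assumptions of this example; the page does not define the filter-rule syntax.

```python
import re

# Label definition (15.2.1): 1 to 12 characters from letters, digits and
# underscore, immediately followed by a colon.
LABEL_RE = re.compile(r"^([A-Za-z0-9_]{1,12}):$")


def classify_line(line):
    """Return (kind, payload, error) for one FW.TXT line.

    kind is 'blank', 'comment', 'label' or 'rule'. error is a message when
    the line looks like a label definition but breaks the label constraints.
    Classifying empty lines as 'blank' is an assumption of this example.
    """
    s = line.strip()
    if not s:
        return ("blank", "", None)
    if s.startswith("#"):                      # 15.2.2: comment line
        return ("comment", s[1:].strip(), None)
    m = LABEL_RE.match(s)
    if m:
        return ("label", m.group(1), None)
    if s.endswith(":") and " " not in s:       # intended label, but invalid
        name = s[:-1]
        if len(name) > 12:
            return ("label", name, "label longer than 12 characters")
        return ("label", name, "label has characters other than letters, digits and underscore")
    return ("rule", s, None)                   # anything else is a filter rule


def lint_script(text):
    """Return (valid_labels_in_order, [(line_no, message), ...]) for a script."""
    labels, errors, seen = [], [], set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        kind, payload, err = classify_line(line)
        if kind != "label":
            continue
        if err:
            errors.append((lineno, err))
        elif payload in seen:
            errors.append((lineno, f"duplicate label '{payload}'"))
        else:
            seen.add(payload)
            labels.append(payload)
    return labels, errors


# Constructed sample FW.TXT; the <filter rule> lines are placeholders.
SAMPLE_FW_TXT = """\
# constructed example FW.TXT
start:
<filter rule 1>
web_traffic:
<filter rule 2>
this_label_is_too_long:
bad-label:
web_traffic:
"""

if __name__ == "__main__":
    found, problems = lint_script(SAMPLE_FW_TXT)
    print("labels:", found)
    for n, msg in problems:
        print(f"line {n}: {msg}")
```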
