Westermo RedFox Series User Manual
Page 243

Westermo OS Management Guide
Version 4.17.0-0
– A NAT-rule for the PPPoE interface (WAN) and internal VLAN 1 (LAN) is
added.
– Firewall filtering rules denying inbound UDP and TCP port 53 (DNS) are
added for the PPPoE interface (WAN).
Note
Firewall filtering of inbound UDP and TCP port 53 is added to prevent the unit
from becoming an open DNS relay on the WAN side.
An open DNS relay is considered a security problem and can be used for
remote attacks on the ISP’s DNS server. DNS relay is enabled on all interfaces
and should be filtered on all interfaces facing public networks. Normal
DNS traffic originating from the inside (from the LAN) will work as expected
and is not affected by these rules.
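
One way to confirm the port 53 filtering from the public side is to send a DNS query over UDP and TCP to the unit's own WAN address and classify what comes back. This is an added example, not part of the Westermo manual; the function names, result labels and the query name example.com are assumptions made for illustration.

```python
import socket
import struct
import sys

TXID = 0x1234  # arbitrary transaction ID for the probe

def build_query(name: str) -> bytes:
    """DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify_reply(reply) -> str:
    """Interpret what the WAN-side address sent back (None = nothing)."""
    if reply is None:
        return "filtered"        # consistent with the deny rules
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != TXID or not flags & 0x8000:   # wrong ID or QR bit clear
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"         # port reachable, query rejected
    if rcode == 0 and ancount > 0:
        return "open-relay"      # query was relayed and answered
    return "reachable"           # some other reply: port 53 is not filtered

def probe_udp(host: str, name: str, timeout: float = 3.0) -> str:
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (host, 53))
            return classify_reply(s.recvfrom(512)[0])
        except OSError:          # timeout or ICMP unreachable
            return classify_reply(None)

def probe_tcp(host: str, name: str, timeout: float = 3.0) -> str:
    query = build_query(name)
    try:
        with socket.create_connection((host, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP length prefix
            return classify_reply(s.recv(4096)[2:])
    except OSError:              # timeout, refused or unreachable
        return classify_reply(None)

if __name__ == "__main__":       # usage: script.py <own WAN address>
    for proto, probe in (("udp", probe_udp), ("tcp", probe_tcp)):
        print(proto, probe(sys.argv[1], "example.com"))
```

With the rules in place, both probes run from the WAN side should report "filtered", while the same query sent from the LAN is still answered.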
© 2015 Westermo Teleindustri AB