Westermo RedFox Series User Manual
Page 692
Westermo OS Management Guide
Version 4.17.0-0
6. Enabled Management Interfaces: As described in
, an operator
can use the Management Interface feature to enable/disable services per
network interface. The management interface configuration is kept separate
from the firewall configuration, but both configuration methods can affect
the Input Filter. Allow rules for enabled management services are added
per interface:
• SSH: TCP port 22 is opened for interfaces where management via SSH
has been enabled. (This also enables use of SCP for remote file access,
see
• Telnet: TCP port 23 is opened for interfaces where management via
Telnet has been enabled.
• HTTP: TCP port 80 is opened for interfaces where management via HTTP
has been enabled.
• HTTPS: TCP port 443 is opened for interfaces where management via
HTTPS has been enabled.
• SNMP: UDP port 161 is opened for interfaces where management via
SNMP has been enabled.
• (IPConfig:) If management via IPConfig service has been enabled, no
corresponding allow rule is required - IPConfig protocol packets are
instead filtered by other (lower-level) mechanisms in WeOS.
7. Default Policy: Packets not matching any of the rules above will be handled
according to the default policy for the input filter chain.
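The following Python model is an added example, not WeOS code: it derives the implicit per-interface management rules from the port list above and from the footnote describing what happens when the default policy is changed to "allow". The interface names, data layout and function names are assumptions made for illustration.

```python
# Added illustration: a model of the implicit Input Filter rules described
# in this section. Not WeOS code; names and data layout are assumptions.

# Service -> (protocol, port), as listed in this section.
MGMT_PORTS = {
    "ssh": ("tcp", 22),
    "telnet": ("tcp", 23),
    "http": ("tcp", 80),
    "https": ("tcp", 443),
    "snmp": ("udp", 161),
}
# Telnet and HTTP carry credentials unencrypted.
CLEARTEXT = {"telnet", "http"}


def implicit_rules(enabled, default_policy):
    """Derive the implicit management rules for each interface.

    enabled: {interface: set of enabled service names}
    default_policy: "deny" or "allow" (input filter default policy)
    Returns a sorted list of (action, interface, protocol, port).
    """
    if default_policy not in ("deny", "allow"):
        raise ValueError("default_policy must be 'deny' or 'allow'")
    rules = []
    for iface, services in enabled.items():
        # IPConfig is accepted but never yields a rule (filtered at a lower level).
        unknown = set(services) - set(MGMT_PORTS) - {"ipconfig"}
        if unknown:
            raise ValueError(f"unknown service(s) on {iface}: {sorted(unknown)}")
        for name, (proto, port) in MGMT_PORTS.items():
            on = name in services
            # Policy "deny": allow rules for enabled services.
            # Policy "allow": deny rules for disabled services (footnote).
            if default_policy == "deny" and on:
                rules.append(("allow", iface, proto, port))
            elif default_policy == "allow" and not on:
                rules.append(("deny", iface, proto, port))
    return sorted(rules)


def cleartext_enabled(enabled):
    """List (interface, service) pairs where Telnet or HTTP is enabled."""
    return sorted((i, s) for i, svcs in enabled.items() for s in svcs if s in CLEARTEXT)


# Constructed sample configuration (hypothetical interface names).
SAMPLE = {"vlan1": {"ssh", "https", "ipconfig"}, "vlan2": {"telnet", "http", "snmp"}}
```

Running `cleartext_enabled` over an exported configuration gives a quick list of interfaces where Telnet or HTTP management should be reviewed in favour of SSH or HTTPS.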
31.1.2.3.2 Forwarding Filter
1. Packet modification: Defined packet modifications are always performed
before all filter rules, implicit and configured. Please see
for
additional details.
2. Established/Related: Packets that are part of (or related to) established
connections will be accepted. This rule is put first of the forwarding filters
for performance reasons - the majority of all accepted packets will match this rule.
3 As of WeOS v4.17.0 "allow" rules for enabled management services are added given that the
"Default policy" for the input filter is set to "deny". If the default policy is changed to "allow", then
"deny" rules for disabled management interfaces will be inserted instead.
© 2015 Westermo Teleindustri AB