Differences

This shows you the differences between two versions of the page.

doc:uci:firewall [2013/10/29 10:32]
zorun DNAT example: make it compatible with NAT reflection
doc:uci:firewall [2014/03/03 13:45] (current)
ayaka more security
Line 478: Line 478:
<code> <code>
config zone config zone
 +        option name            example
        option input            ACCEPT         option input            ACCEPT
        option output          ACCEPT         option output          ACCEPT
Line 492: Line 493:
<code> <code>
config zone config zone
 +        option name            example
        option input            ACCEPT         option input            ACCEPT
        option output          ACCEPT         option output          ACCEPT
Line 508: Line 510:
<code> <code>
config zone config zone
 +        option name            example
        option input            ACCEPT         option input            ACCEPT
        option output          ACCEPT         option output          ACCEPT
Line 546: Line 549:
option dest lan option dest lan
option src wan6 option src wan6
 +#you don't need the below as you can a firewall rule to open the port that you need
config forwarding config forwarding
option dest wan6 option dest wan6
Line 603: Line 606:
When connection attempts are //dropped// the client is not aware of the blocking and will continue to re-transmit its packets until the connection eventually times out. Depending on the way the client software is implemented, this could result in frozen or hanging programs that need to wait until a timeout occurs before they're able to continue. When connection attempts are //dropped// the client is not aware of the blocking and will continue to re-transmit its packets until the connection eventually times out. Depending on the way the client software is implemented, this could result in frozen or hanging programs that need to wait until a timeout occurs before they're able to continue.
 +
 +Also there is an interesting article which that claims dropping connections doesnt make you any safer - [[http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject|Drop versus Reject]].
**DROP** **DROP**

Back to top

doc/uci/firewall.1383039171.txt.bz2 · Last modified: 2013/10/29 10:32 by zorun