Bintec-elmeg Elmeg T444 User Manual, Page 29

Note
As a result, the PC in your LAN with the IP address 192.168.1.42 has no protection whatsoever from the firewall in your telephone system at Port 22/TCP! You can restrict access options where required if access is to always be effected from an Internet connection with a set IP address (for example T-Interconnect). Here, any entries which contain “0.0.0.0/0” should be matched to the known IP addresses of the remote location (0.0.0.0/0 is a global proxy address for all IP addresses).
Note
If you wish to employ a combination of filters consisting of filters that have been generated using the Filter Wizard and your own custom filters, or port map entries, be sure to check the order of the rules in the table (you can change the order using the buttons »up« and »down«). The “Secure system” filter, which blocks all packets directed toward so-called privileged ports, is offered in the Filter Wizard. In the example given here this filter would counteract the configured functionality, as the ssh port (22) is a privileged port. We urgently recommend blocking all privileged ports that are not needed; it may therefore be expedient to use the filter configured by the Filter Wizard that has been appropriately adapted, or that is located at the appropriate position in the table.
Note
If you are not sure which ports must be routed to the LAN PC for certain applications, or for attaining defined user privileges in exchange networks using port mapping by your telephone system router, enter the name of the application and the terms »port« and »firewall« in an Internet search engine; configuration instructions can usually be found quite easily in this manner. You can reroute one single port, or port ranges (for example 4661-4665) using a port map rule.
Filter Wizard
The firewall is configured so that every data packet is rejected unless an explicit rule (filter) exists that allows it to pass. This procedure makes the configuration of the firewall somewhat more complicated, but significantly reduces the probability of overlooking packets that should have been blocked from passing through the firewall.
Some filters contain rules for rejecting packets which would actually not be required for the selected basic configuration of the firewall, because the firewall would reject any packets not enabled by the filters, based on the configuration carried out by the Wizard. The rejection rules mentioned above are nevertheless retained to reject packets used in certain attacks at the earliest possible stage to prevent the packets from passing through the entire chain of filter rules; this enhances firewall performance in the event of a real attack.
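The following added example (not part of the manual and not the device's own logic) models the rule table described in the notes above to show why rule order and the source entry matter. It assumes the table is evaluated top-down with the first match winning; the names `Rule`, `evaluate` and the remote address 203.0.113.10 are constructed for illustration, and only the filter decision is modelled, not the forwarding to the LAN PC.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "reject"
    src: str       # source network in CIDR form
    ports: range   # destination TCP ports the rule covers

def evaluate(rules, src_ip, dst_port):
    """Return (action, rule name) of the first rule matching the packet.

    Assumption: the table is evaluated top-down and the first match wins.
    Packets that match no rule are rejected, as the manual states.
    """
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.src) and dst_port in rule.ports:
            return rule.action, rule.name
    return "reject", "default"

PRIVILEGED = range(0, 1024)   # privileged ports are those below 1024

# Constructed sample address (documentation range) for the remote site.
REMOTE_SITE = "203.0.113.10/32"

secure_system = Rule("Secure system", "reject", "0.0.0.0/0", PRIVILEGED)
ssh_open = Rule("ssh port map", "allow", "0.0.0.0/0", range(22, 23))
ssh_fixed = Rule("ssh port map", "allow", REMOTE_SITE, range(22, 23))

# Wizard filter above the port map entry: ssh never reaches the LAN PC.
blocked = [secure_system, ssh_open]
# Port map entry first, but still open to every source address.
open_to_all = [ssh_open, secure_system]
# Port map entry first and matched to the known remote address.
restricted = [ssh_fixed, secure_system]

if __name__ == "__main__":
    tables = [("blocked", blocked), ("open_to_all", open_to_all),
              ("restricted", restricted)]
    for label, table in tables:
        for src in ("203.0.113.10", "198.51.100.7"):
            for port in (22, 23, 4662):
                print(label, src, port, evaluate(table, src, port))
```

In the `restricted` table only the known remote address reaches port 22, every other privileged port is still rejected by the “Secure system” filter, and unprivileged ports without a rule fall through to the default rejection.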
Example for predefined filters in the filter wizard
Help for the various filters contained in the Filter Wizard can be found in the file “Filter_Info.txt” in the Win-Tools installation directory (e.g. “C:files WIN-Tools Tools V6.02”), or by clicking the corresponding “Help” button.
Filter Wizard: Configure firewall filters