User's Manual

Chapter 15: Controlling Access to the EnRoute500
TR0153 Rev. E1 118
Block client traffic on certain ports
Block traffic from a given client access interface to a certain subnet
Custom firewall rules are added on the “Custom Rules” sub-tab of the “Firewall” tab on
the “Security” page, as shown in Figure 50. Rules are written exactly as you would write
iptables rules, except that the chain they are added to cannot be specified: every custom
rule is applied to the iptables FORWARD chain.
List one rule per line in the text box on the “Custom Rules” tab and click the “Save and
Apply Changes” button when all rules have been entered. The following examples illustrate
how to use the custom firewall interface.
Blocking SMTP Traffic (Port 25)
This rule blocks all forwarded SMTP traffic, which uses TCP port 25. The protocol must be
named with -p tcp, because --dport is only valid together with a TCP or UDP protocol match.
-p tcp --dport 25 -j DROP
Limiting Access Based on Client Access Interface
Packets can be filtered based on the interface they were received on. For example, wlan1
and wlan2 can each be used to give users access to one of two different private subnets,
while wlan3 users have access to neither subnet. Users of all three wlans still have access
to the Internet. The following rules will:
Drop traffic from wlan1 destined for the 192.168.2.0 subnet
Drop traffic from wlan2 destined for the 192.168.1.0 subnet
Drop traffic from wlan3 destined for the 192.168.1.0 and 192.168.2.0 subnets
-i wlan1 --dst 192.168.2.0/24 -j DROP
-i wlan2 --dst 192.168.1.0/24 -j DROP
-i wlan3 --dst 192.168.1.0/24 -j DROP
-i wlan3 --dst 192.168.2.0/24 -j DROP
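As an added example (not taken from the manual or the EnRoute500 firmware), the POSIX shell script below mirrors what the Custom Rules interface does with the text box: each non-blank, non-comment line is expanded into an iptables command on the FORWARD chain, and a check flags rules that use --dport/--sport without -p tcp/udp, which iptables rejects at load time. The rule text is constructed for the example and the function names render_rules and check_rules are assumptions, not part of the product.

```shell
#!/bin/sh
# Constructed sample of what a user might type into the "Custom Rules"
# text box, one rule per line. The last rule is deliberately broken
# (no protocol match) so that check_rules has something to flag.
CUSTOM_RULES='# block SMTP
-p tcp --dport 25 -j DROP
-i wlan1 --dst 192.168.2.0/24 -j DROP
-i wlan3 --dst 192.168.1.0/24 -j DROP
--dport 80 -j DROP'

# render_rules: print the full iptables command each line expands to.
# Every rule goes to the FORWARD chain, the only chain the custom-rule
# interface writes to (assumed helper name, not the device's own code).
render_rules() {
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;          # skip blank lines and comments
        esac
        printf 'iptables -A FORWARD %s\n' "$line"
    done <<EOF
$1
EOF
}

# check_rules: print each rule that uses a port match without naming a
# protocol, or that uses the single-dash typo -dport/-sport; return 1 if
# any such rule was found, 0 otherwise (assumed helper name).
check_rules() {
    bad=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        case " $line " in
            *' -dport '*|*' -sport '*)
                printf 'single-dash option, use --dport/--sport: %s\n' "$line"
                bad=1 ;;
            *' --dport '*|*' --sport '*)
                case " $line " in
                    *' -p tcp '*|*' -p udp '*|*' --protocol tcp '*|*' --protocol udp '*) ;;
                    *) printf 'missing -p tcp or -p udp: %s\n' "$line"; bad=1 ;;
                esac ;;
        esac
    done <<EOF
$1
EOF
    return $bad
}

render_rules "$CUSTOM_RULES"
check_rules "$CUSTOM_RULES" || echo "fix the flagged rules before clicking Save and Apply Changes"
```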