This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
advanced-firewall [2022/01/21 02:49] – hogwild | advanced-firewall [2023/05/28 04:26] – [Multicast] -clarity-very hard to understand hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Firewall ===== | + | ====== Firewall |
- | The Firewall page allows you to configure options to protect/facilitate | + | The Firewall page allows you to configure options to protect |
- | {{: | ||
- | **WAN interfaces respond to ping and traceroute** - When enabled, this allows your device will reply to certain ICMP/UDP packets so that //ping //and // | + | ===== Firewall ===== |
- | **Limit communication | + | {{: |
- | \\ | + | |
- | \\ | + | |
- | {{: | + | **Limit communication to: **This specifies the maximum number of requests per second to which the Firewall will reply. Setting a limit number is recommended to prevent DDoS attacks.\\ |
- | \\ | + | |
- | | + | |
- | **Enable TCP SYN cookies** | + | |
- | **Enable DCSP Fix** - This enables a workaround for a well-known issue related to DSCP (packet marking) | + | **Enable DCSP Fix: |
- | **IPv6 IPSec Passthrough** - FIXME\\ | + | **Allow DHCP Spoofing: |
- | {{:pasted: | + | **Smart MTU black hole detection:** |
- | **NAT loopback** | + | |
+ | ===== NAT ===== | ||
+ | |||
+ | **NAT loopback:** This technique allows LAN devices to access | ||
* All | * All | ||
Line 29: | Line 27: | ||
* Disabled | * Disabled | ||
- | **NAT target** - Defines | + | \\ |
+ | |||
+ | {{:: | ||
+ | |||
+ | **NAT target** - This defines | ||
\\ | \\ | ||
- | Multicast\\ {{: | ||
- | **Enable IGMP proxy** - Runs the IGMP (Internet Group Management Protocol) | + | ===== Multicast ===== |
+ | |||
+ | \\ \\ {{: | ||
+ | |||
+ | **Enable IGMP proxy** - Checking this enables | ||
+ | |||
+ | LAN0 - LAN3 Specifies which bridges will participate | ||
+ | |||
+ | * LAN0 - Checking this means the LAN0 bridge will participate in IGMP proxy. | ||
+ | * LAN1 - Checking this means the LAN1 bridge will participate in IGMP proxy. | ||
+ | * LAN2 - Checking this means the LAN2 bridge will participate in IGMP proxy/ | ||
+ | * LAN3 - Checking this means the LAN3 bridge will participate in IGMP proxy. | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **Enable quick leave** - This is a feature of IGMP v2 and later. Enabling this allows the router to stop streaming multicast | ||
- | {{: | + | **Custom Configuration** |
- | **Enable Udpxy** | + | \\ {{: |
- | **Upstream interface** - Defines where the stream source | + | **Enable Udpxy** - Like IGMP proxy, Udpxy allows multicast communications between devices on different VLANs. Since their behavior |
- | **LAN0/ | + | **Upstream interface** - Here, enter the stream |
- | **Enable client statistics** - Enabling this causes FreshTomato to collect statistical information about Udpxy clients. | + | **LAN0/ |
- | **Max clients -** Considering | + | **Enable client statistics** - Enabling |
- | **Udpxy port**- Specifies | + | **Max clients - ** This represents |
- | {{: | + | **Udpxy port**- This specifies the port on which you can recive Udpxy information from your router.\\ |
- | **Efficient Multicast Forwarding (IGMP Snooping) -** IGMP snooping is a way to have the switch (router) | + | **Efficient Multicast Forwarding (IGMP Snooping) -** IGMP snooping is a way to have the switch (part of the router) |
- | **Force IGMPv2** - IGMPv2 enhances IGMP communication, supporting additional messages/ | + | **Force IGMPv2** - IGMPv2 enhances |