Site Tools


advanced-firewall

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
advanced-firewall [2023/05/28 04:34] – [Multicast] -condense, clarify IGMP Snooping hogwildadvanced-firewall [2023/05/28 04:37] – [Firewall] -condense hogwild
Line 8: Line 8:
 {{:pasted:20220118-182859.png}} \\ {{:pasted:20220118-182859.png}} \\
  
- \\  \\ **WAN interfaces respond to ping and traceroute:  **If enabled, this allows your device to reply to ICMP ping and traceroute request packets from Internet hosts. This is necessary for //ping //and //traceroute to //work from the Internet.+ \\ **WAN interfaces respond to ping and traceroute:  **If enabled, this allows your device to reply to ICMP ping and traceroute request packets from Internet hosts. This is necessary for //ping //and //traceroute to //work from the Internet.
  
 **Limit communication to:  **This specifies the maximum number of requests per second to which the Firewall will reply. Setting a limit number is recommended to prevent DDoS attacks.\\   \\   \\ {{:pasted:20220118-183317.png}}\\ **Limit communication to:  **This specifies the maximum number of requests per second to which the Firewall will reply. Setting a limit number is recommended to prevent DDoS attacks.\\   \\   \\ {{:pasted:20220118-183317.png}}\\
  
- \\  \\ **Enable TCP SYN cookies:  **Enabling this protects the router from SYN Flood attacks via the "SYN cookies" technique. This function encodes information from the SYN packet into the (SYN/ACK) response. This is a standard method for preventing SYN floods. However, it has certain limitations which may cause issues with some old TCP/IP stacks.+ \\ 
 + 
 +**Enable TCP SYN cookies:  **Enabling this uses the "SYN cookies" technique to protect the router from SYN Flood attacks. This function encodes information from the SYN packet into the (SYN/ACK) response. This is a standard method for preventing SYN floods. However, it has certain limitations which may cause issues with some old TCP/IP stacks.
  
 **Enable DCSP Fix:  **Checking this enables a workaround for packet marking, a well-known issue related to DSCP when connected to Comcast. **Enable DCSP Fix:  **Checking this enables a workaround for packet marking, a well-known issue related to DSCP when connected to Comcast.
advanced-firewall.txt · Last modified: 2023/05/28 05:39 by hogwild