This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
advanced-firewall [2022/01/21 02:49] – old revision restored (2022/01/21 02:45) hogwild | advanced-firewall [2023/05/28 04:37] – [Firewall] -condense hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Firewall ====== | ||
+ | |||
+ | The Firewall page allows you to configure options to protect or facilitate various types of network communications. | ||
+ | |||
+ | |||
===== Firewall ===== | ===== Firewall ===== | ||
- | The Firewall page allows you to configure options to protect/ | + | {{: |
- | {{: | + | \\ **WAN interfaces respond to ping and traceroute: |
- | **Limit communication to **- Specifies | + | **Limit communication to: |
\\ | \\ | ||
- | {{:pasted: | + | **Enable TCP SYN cookies: |
- | **Enable | + | **Enable |
- | **Enable DCSP Fix** - This enables a workaround for a well-known issue related to DSCP (packet marking) when connected to the Comcast ISP. | + | **Allow DHCP Spoofing: |
- | **IPv6 IPSec Passthrough** - FIXME\\ \\ | + | **Smart MTU black hole detection:** |
- | \\ | ||
- | {{: | + | ===== NAT ===== |
- | **NAT loopback** | + | **NAT loopback:** This technique allows LAN devices to access |
* All | * All | ||
Line 27: | Line 31: | ||
* Disabled | * Disabled | ||
- | **NAT target** - Defines | + | \\ |
+ | |||
+ | {{:: | ||
+ | |||
+ | **NAT target** - This defines | ||
\\ | \\ | ||
- | Multicast\\ {{: | ||
- | **Enable IGMP proxy** - Runs the IGMP (Internet Group Management Protocol) | + | ===== Multicast ===== |
+ | |||
+ | \\ \\ {{: | ||
+ | |||
+ | **Enable IGMP proxy** - Checking this enables | ||
+ | |||
+ | LAN0 - LAN3 Specifies which bridges will participate | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
\\ | \\ | ||
- | {{: | + | **Enable quick leave** - This is a feature of IGMP v2 and later. Enabling this allows the router to stop streaming multicast to an IP address as soon as that device sends a "quick leave" IGMP packet. |
+ | |||
+ | **Custom Configuration** - This option allows you to set advanced parameters for the IGMP proxy daemon. Consult official IGMP documentation before using this.\\ | ||
+ | |||
+ | | ||
- | **Enable Udpxy** - Like IGMP proxy, Udpxy allows multicast communications between | + | **Enable Udpxy** - Like IGMP proxy, Udpxy allows multicast communications between |
- | **Upstream interface** - Defines where the stream source is expected to live. (Default: blank). | + | **Upstream interface** - Here, enter the stream source is expected to live. (Default: blank). |
- | **LAN0/ | + | **LAN0/ |
- | **Enable client statistics** - Enabling this causes FreshTomato to collect | + | **Enable client statistics** - Enabling this causes FreshTomato to collect |
- | **Max clients -** Considering this is a lightwave | + | **Max clients - ** This represents the maximum number of simultaneous Udpxy clients. Udpxy is is a lightweight |
- | **Udpxy port**- This is where you can consult the Udpxy information | + | **Udpxy port**- This specifies the port on which you can recive |
- | {{: | + | **Efficient Multicast Forwarding (IGMP Snooping) |
- | **Efficient Multicast Forwarding (IGMP Snooping) -** IGMP snooping is a way to have the switch | + | therefore, multicast network misconfiguration or other deficiencies can appear as UPnP issues rather than underlying network issues. If IGMP snooping is enabled on a switch, or more commonly a wireless |
- | **Force IGMPv2** - IGMPv2 enhances the IGMP communication supporting additional messages/ | + | **Force IGMPv2** - IGMPv2 enhances the IGMP communication supporting additional messages/ |