FreshTomato Wiki

User Tools

Site Tools

Trace:
advanced-firewall

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
advanced-firewall [2022/01/21 02:54] – clarity, grammar hogwildadvanced-firewall [2022/01/21 02:57] – clarity, condense hogwild
Line 3: Line 3:
 The Firewall page allows you to configure options to protect/facilitate certain network communications.\\  \\ The Firewall page allows you to configure options to protect/facilitate certain network communications.\\  \\
  
-{{:pasted:20220118-182859.png}}\\  \\ **WAN interfaces respond to ping and traceroute** - When enabled, this allows your device will reply to certain ICMP/UDP packets so that //ping //and //traceroute //from Internet hosts will work.+{{:pasted:20220118-182859.png}}\\  \\ **WAN interfaces respond to ping and traceroute** - If enabled, allows your device to reply to certain ICMP/UDP packets from Internet hosts so that //ping //and //traceroute //will work from the Internet.
  
 **Limit communication to **- Specifies the maximum number of requests per second to which the Firewall will reply. Setting a limit number is recommended to prevent DDoS attacks.\\ **Limit communication to **- Specifies the maximum number of requests per second to which the Firewall will reply. Setting a limit number is recommended to prevent DDoS attacks.\\
Line 11: Line 11:
 {{:pasted:20220118-183317.png}}\\ {{:pasted:20220118-183317.png}}\\
  
-**Enable TCP SYN cookies** - Enabling this protects the router from SYN Flood attacks via well-known technique called "SYN cookies". This function encodes information from the SYN packet into the response (SYN/ACK). Despite being a standard technique, enabling this will create some secondary limitations that may not be handled well by some old TCP/IP stacks.+**Enable TCP SYN cookies** - Enabling this protects the router from SYN Flood attacks via the well-known "SYN cookies" technique. This function encodes information from the SYN packet into the response (SYN/ACK). Despite being a standard technique, enabling this will create some secondary limitations that may not be handled well by some old TCP/IP stacks.
  
 **Enable DCSP Fix** - This enables a workaround for a well-known issue related to DSCP (packet marking) when connected to the Comcast ISP. **Enable DCSP Fix** - This enables a workaround for a well-known issue related to DSCP (packet marking) when connected to the Comcast ISP.
Line 21: Line 21:
 {{:pasted:20220118-184523.png}}\\ {{:pasted:20220118-184523.png}}\\
  
-**NAT loopback** - also known as "Hairpinning", this technique allows LAN devices to access another LAN device via the WAN interface of your router. This is common practice, for example when connecting to the DDNS domain of your router from the LAN (for administration purposes). This legacy setting is rarely, if ever needed nowadays. It also can create a bottleneck on fast connections.+**NAT loopback** - also known as "Hairpinning", this technique allows LAN devices to access another LAN device via the WAN interface of your router. This is common practice, for examplewhen connecting to the DDNS domain of your router from the LAN (for administration purposes). This legacy setting is rarely, if ever needed nowadays. It also can create a bottleneck on fast connections.
  
   * All   * All
advanced-firewall.txt · Last modified: 2023/05/28 05:39 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki