advanced-firewall

Differences

This shows you the differences between two versions of the page.

advanced-firewall [2022/01/21 02:59] hogwild
advanced-firewall [2022/01/21 03:03] – formatting hogwild
Line 8: Line 8:
  
 **Limit communication to **- Specifies the maximum number of requests per second to which the Firewall will reply. Setting a limit number is recommended to prevent DDoS attacks.\\ **Limit communication to **- Specifies the maximum number of requests per second to which the Firewall will reply. Setting a limit number is recommended to prevent DDoS attacks.\\
 + \\
  \\  \\
 {{:pasted:20220118-183317.png}}\\ {{:pasted:20220118-183317.png}}\\
 +\\
 **Enable TCP SYN cookies** - Enabling this protects the router from SYN Flood attacks via the well-known "SYN cookies" technique. This function encodes information from the SYN packet into the response (SYN/ACK). Despite being a standard technique, enabling this will create some secondary limitations that may not be handled well by some old TCP/IP stacks. **Enable TCP SYN cookies** - Enabling this protects the router from SYN Flood attacks via the well-known "SYN cookies" technique. This function encodes information from the SYN packet into the response (SYN/ACK). Despite being a standard technique, enabling this will create some secondary limitations that may not be handled well by some old TCP/IP stacks.
  
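Review bot: The two break lines added around `{{:pasted:20220118-183317.png}}` are written differently, one as ` \\` with a leading space and one as `\\` with none; pick one form and use it for every spacing line on the page, or use a blank line for the paragraph break instead of stacked `\\` lines. While this block is being touched, the unchanged "Limit communication to" text says a limit is recommended "to prevent DDoS attacks"; a cap on replies per second only bounds how much the router answers, so "mitigate" would describe it more accurately.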
Line 16: Line 17:
  
 **IPv6 IPSec Passthrough** - FIXME\\ \\ **IPv6 IPSec Passthrough** - FIXME\\ \\
- 
  \\  \\
- 
 {{:pasted:20220118-184523.png}}\\ {{:pasted:20220118-184523.png}}\\
 + \\
 **NAT loopback** - also known as "Hairpinning", this technique allows LAN devices to access another LAN device via the WAN interface of your router. This is common practice, for example, when connecting to the DDNS domain of your router from the LAN (for administration purposes). This legacy setting is rarely, if ever needed nowadays. It also can create a bottleneck on fast connections. **NAT loopback** - also known as "Hairpinning", this technique allows LAN devices to access another LAN device via the WAN interface of your router. This is common practice, for example, when connecting to the DDNS domain of your router from the LAN (for administration purposes). This legacy setting is rarely, if ever needed nowadays. It also can create a bottleneck on fast connections.
  
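Review bot: **IPv6 IPSec Passthrough** is still documented only as `FIXME` in the first context line of this hunk, so the page gives no description of what this firewall setting does or when to enable it; a formatting pass over the same lines is a good point to either fill it in or track it as an open item. In the **NAT loopback** context line, "rarely, if ever needed nowadays" needs a comma after "ever".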
Line 40: Line 39:
  
 **Custom Configuration** - This option allows you to set up advanced parameters for the IGMP proxy daemon. Please consult the official IGMP documentation before finalizing these settings.\\ **Custom Configuration** - This option allows you to set up advanced parameters for the IGMP proxy daemon. Please consult the official IGMP documentation before finalizing these settings.\\
 + \\
  
  \\ {{:pasted:20220118-190050.png}}\\  \\  \\ {{:pasted:20220118-190050.png}}\\  \\
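Review bot: The ` \\` added after the **Custom Configuration** line looks redundant, because that line already ends in `\\` and the next context line opens with `\\` before `{{:pasted:20220118-190050.png}}`; check the rendered page for a double gap here. The same context line points readers to "the official IGMP documentation" without saying which document; since the option sets parameters for the IGMP proxy daemon, the reference should say whose documentation is meant.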
Line 53: Line 53:
 **Max clients -** Considering this is a lightwave protocol it works well for a limited number of clients, you might want to impose a maximum number.Specifies the maximum number of simultaneous Udpxy clients. **Max clients -** Considering this is a lightwave protocol it works well for a limited number of clients, you might want to impose a maximum number.Specifies the maximum number of simultaneous Udpxy clients.
  
-**Udpxy port**- This is where you can consult the Udpxy information on your router.\\  \\ +**Udpxy port**- This is where you can consult the Udpxy information on your router.\\ 
 +\\ 
 + \\
 {{:pasted:20220118-190844.png}}\\ {{:pasted:20220118-190844.png}}\\
 + \\
 **Efficient Multicast Forwarding (IGMP Snooping) -** IGMP snooping is a way to have the switch (router) facilitating the discovery of multicast (IGMP) clients. Beware that enabling IGMP snooping might interfere with some multicast-based applications/protocols. This issue is well-known, for example when using uPnP (Universal Plug 'n Play). **Efficient Multicast Forwarding (IGMP Snooping) -** IGMP snooping is a way to have the switch (router) facilitating the discovery of multicast (IGMP) clients. Beware that enabling IGMP snooping might interfere with some multicast-based applications/protocols. This issue is well-known, for example when using uPnP (Universal Plug 'n Play).
  
 **Force IGMPv2** - IGMPv2 enhances the IGMP communication supporting additional messages/behavior to optimise the end-to-end communication between client and server. Possibly the most important being the "Group Leave" message which is lacking instead in IGMP v1.\\ **Force IGMPv2** - IGMPv2 enhances the IGMP communication supporting additional messages/behavior to optimise the end-to-end communication between client and server. Possibly the most important being the "Group Leave" message which is lacking instead in IGMP v1.\\
 + \\
  
  
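Review bot: The **Udpxy port** line is changed only to move its trailing `\\  \\` onto separate lines, and its text still does not say what the port is for ("This is where you can consult the Udpxy information on your router"); state what listens on this port and which side of the router is expected to reach it. The three replacement break lines also differ in leading and trailing whitespace. In the neighbouring **Max clients** context line, "lightwave protocol" reads like a typo for "lightweight", and "number.Specifies" is missing a space.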
advanced-firewall.txt · Last modified: 2023/05/28 05:39 by hogwild