
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
220 views 2 comments
by
Hi,

I have a RUT950 running firmware version RUT9XX_R_00.06.06.1. In the WebUI, I had set the default input firewall policy to 'drop' under Firewall > General Settings > Input. But it seems that this does not work: I have a traffic rule that would accept only SSH input to the device, but other traffic, such as HTTP/S, is still being accepted.

Furthermore, the firewall configuration in /etc/config still shows "option input 'Accept'" under the 'lan' zone.

Please help.

Thanks,

1 Answer

0 votes
by anonymous

Hello,

Regarding your traffic rule that would accept only SSH input, you also need to disable all other rules that allow other traffic like HTTP/HTTPS.

Furthermore, it is not enough to set the default input policy to 'drop'. You need to change the zone forwarding options too. If it does not work via the WebUI, you could open the CLI and enter the command to edit the config file: vi /etc/config/firewall and change your settings manually. After that, do not forget to restart the firewall service by using the command: /etc/init.d/firewall restart

Regards.

Best answer
by
Hi,

Is the method of manually configuring the firewall config file upgrade-proof?
by anonymous
Yes, only if you upgrade the firmware with the keep settings option.
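
The mismatch described in the question, a default input policy of 'drop' while the 'lan' zone still carries option input 'Accept', can be checked directly from the config file. The script below is an added example, not part of the original thread: it assumes the OpenWrt-style UCI layout of /etc/config/firewall, the function names fw_input_audit and sample_config are made up for illustration, and the embedded config is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread): compare each zone's explicit input
# policy with the 'defaults' section of a UCI-style firewall config.
# Usage on the device: fw_input_audit /etc/config/firewall
# Output, one line per zone: "<zone> input=<P> default=<D> same|differs"
fw_input_audit() {
    awk -v q="'" '
    # Strip one pair of surrounding single or double quotes.
    function unq(s,   c) {
        c = substr(s, 1, 1)
        if ((c == q || c == "\"") && substr(s, length(s), 1) == c)
            s = substr(s, 2, length(s) - 2)
        return s
    }
    $1 == "config" { type = unq($2); if (type == "zone") n++; next }
    $1 == "option" && type == "defaults" && $2 == "input" { dflt = toupper(unq($3)) }
    $1 == "option" && type == "zone" && $2 == "name"  { name[n] = unq($3) }
    $1 == "option" && type == "zone" && $2 == "input" { pol[n] = toupper(unq($3)) }
    END {
        if (dflt == "") dflt = "(unset)"
        for (i = 1; i <= n; i++) {
            p = (i in pol) ? pol[i] : "(unset)"
            z = (i in name) ? name[i] : "?"
            printf "%s input=%s default=%s %s\n", z, p, dflt, (p == dflt ? "same" : "differs")
        }
    }' "$@"
}

# Constructed sample config mirroring the situation in the question.
sample_config() {
    cat <<'EOF'
config defaults
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'Accept'

config zone
	option name 'wan'
	option input 'DROP'
EOF
}

# Stand-alone demo: reads the sample from stdin when no file is given.
sample_config | fw_input_audit
```

A zone reported as "differs" with input=ACCEPT still accepts traffic arriving through that zone's interfaces, whatever the default policy says.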