Description:
This document describes how individual firewall rules can be configured for time-controlled activation and deactivation by means of the cron table.


Requirements:


Procedure:
1) The first step is to configure a firewall rule that is to be activated or deactivated depending on the time. A deny-all rule is configured in this example.
2) In the Configuration dialog of the LANCOM router, navigate to the menu Firewall/QoS -> Rules and then click on the Rules button.
3) Click on the Add button.
4) On the General tab, set a Name for this rule (e.g. DENY-ALL). Then go to the Actions tab and access the settings for the action object REJECT.


5) On the Stations tab, select under Connection source the option Connections from all stations and under Connection destination set the option Connections to all stations.

6) On the Services tab, specify that the rule applies for all protocols/source services and all protocols/target services.


7) Then click on the OK button and exit the dialog for configuring the firewall rules.

8) Cron table operations are time dependent, so it is necessary to synchronize the time via the router's NTP client. You can configure an NTP server in the router under Date & Time -> Synchronization.

9) Enable the option Synchronize to a time server using NTP at regular intervals and then click on the Time server button.


10) Add any time server from the list. Then close the dialog with OK.


11) The next step is to go to the menu Date & Time -> General and enter the following into the Cron table.


12) In this example, the firewall rule named DENY-ALL is automatically enabled at 02:00 AM. Enter the appropriate values under Hours and Minutes. In the Commands field, enter the shell command that enables the firewall rule.

The syntax is set Setup/IP-Router/Firewall/Rules/DENY-ALL {Firewall-Rule} Yes.


13) This rule only applies for new sessions. Existing connections can continue to be used. In order to disconnect these too, we recommend that you program an interruption of your Internet connection. To do this, create another entry in the Cron table as follows:

The syntax in the Commands field is do /o/m/d <name of Internet remote peer> (e.g. INTERNET).


14) In this example, the firewall rule named DENY-ALL is automatically disabled at 6:00 AM. You will need to add a new entry to the cron table and enter the corresponding time in Hours and Minutes. In the Commands field, enter the shell command that disables the firewall rule.

The syntax is set Setup/IP-Router/Firewall/Rules/DENY-ALL {Firewall-Rule} No.


15) Close all configuration dialogs and write the configuration back to the LANCOM router.
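
A deny-all rule with a faulty schedule either never lifts or leaves old sessions running, so it is worth checking the planned cron entries before writing them back. The following Python sketch is an added example, not LANCOM code: it models the entries from steps 12 to 14 as (hour, minute, command) tuples and audits them. The function names, the tuple layout and the 02:01 disconnect time are assumptions made for illustration.

```python
import re

# Constructed cron entries (hour, minute, command) mirroring steps 12-14.
# The 02:01 disconnect time is an assumption; the page does not state one.
ENTRIES = [
    (2, 0, "set Setup/IP-Router/Firewall/Rules/DENY-ALL {Firewall-Rule} Yes"),
    (2, 1, "do /o/m/d INTERNET"),
    (6, 0, "set Setup/IP-Router/Firewall/Rules/DENY-ALL {Firewall-Rule} No"),
]

SET_RE = re.compile(
    r"^set\s+Setup/IP-Router/Firewall/Rules/(\S+)\s+\{Firewall-Rule\}\s+(Yes|No)$",
    re.IGNORECASE,
)

def toggles(entries):
    """Map rule name -> sorted [(minute_of_day, enabled)] from the set commands."""
    out = {}
    for hour, minute, cmd in entries:
        m = SET_RE.match(cmd.strip())
        if m:
            state = m.group(2).lower() == "yes"
            out.setdefault(m.group(1).upper(), []).append((hour * 60 + minute, state))
    return {rule: sorted(ev) for rule, ev in out.items()}

def rule_active(entries, rule, hour, minute):
    """Rule state at hour:minute for a schedule repeating daily (None if unscheduled)."""
    events = toggles(entries).get(rule.upper())
    if not events:
        return None
    past = [e for e in events if e[0] <= hour * 60 + minute]
    # Before today's first event, yesterday's last event still applies.
    return (past[-1] if past else events[-1])[1]

def audit(entries):
    """Return findings for schedules that lock the rule on or leave old sessions alive."""
    findings = []
    drops = [(h, m) for h, m, c in entries if c.strip().lower().startswith("do /o/m/d ")]
    for rule, events in toggles(entries).items():
        states = {on for _, on in events}
        if states == {True}:
            findings.append(f"{rule}: enabled but never disabled")
        elif states == {False}:
            findings.append(f"{rule}: disabled but never enabled")
        if True in states and not any(rule_active(entries, rule, h, m) for h, m in drops):
            findings.append(f"{rule}: no disconnect while active, existing sessions persist")
    return findings
```

An empty list from audit(ENTRIES) means every enable has a matching disable and a disconnect falls inside the window in which the rule is active.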