Differences
This shows you the differences between two versions of the page.
userdoc:tt_firewall_plugins [2017/02/27 16:48] abelbeck [dyndns-ipv6-forward] |
userdoc:tt_firewall_plugins [2020/02/21 15:55] abelbeck [pptp-vpn] |
||
---|---|---|---|
Line 40: | Line 40: | ||
==== dyndns-host-open ==== | ==== dyndns-host-open ==== | ||
- | This implements support to open ports for DynDNS | + | This plugin provides EXT-> |
+ | Should the hostname resolve to multiple IPv4 addresses, a rule for each address will be opened. | ||
- | If you allow common services, in particular SIP or SSH, from public dynamic IPv4 addresses, it is highly recommended to enable this plugin and don't allow these services from the public by default. | + | If you allow common services, in particular SIP or SSH, only from public dynamic IPv4 addresses, it is highly recommended to enable this plugin and don't allow these services from the public by default. |
(IPv4-only) | (IPv4-only) | ||
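Review bot: the added sentence "a rule for each address will be opened" in dyndns-host-open does not say when the hostname is resolved again or what happens to rules for addresses it no longer returns. Since the section recommends this plugin as the only way in for SIP or SSH, add a sentence on how often the lookup is repeated and whether stale rules are removed. Also, in the reworded recommendation, "it is highly recommended to enable this plugin and don't allow these services" should read "and not allow these services".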
Line 55: | Line 56: | ||
(IPv6-only) | (IPv6-only) | ||
+ | |||
+ | |||
+ | ==== dyndns-ipv6-open ==== | ||
+ | !!Note: this plugin is not available until AstLinux 1.2.10 and later.!!\\ | ||
+ | This plugin provides EXT-> | ||
+ | Should the hostname resolve to multiple IPv6 addresses, a rule for each address will be opened. | ||
+ | |||
+ | If you allow common services, in particular SIP or SSH, only from public dynamic IPv6 addresses, it is highly recommended to enable this plugin and don't allow these services from the public by default. | ||
+ | |||
+ | !!Tip ->!! Similar functionality as the IPv4 dyndns-host-open plugin except using IPv6 with AAAA DNS records. | ||
+ | |||
+ | (IPv6-only) | ||
+ | |||
+ | |||
==== ids-protection ==== | ==== ids-protection ==== | ||
This implements Intrusion-Detection-System (IDS) protection. It will block remote hosts trying to scan/access your system on firewalled ports. | This implements Intrusion-Detection-System (IDS) protection. It will block remote hosts trying to scan/access your system on firewalled ports. | ||
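Review bot: the new dyndns-ipv6-open section repeats the IPv4 paragraph nearly word for word and only states its relation to dyndns-host-open in the Tip line at the end. Move the Tip directly under the version note so readers see the relation first, and change "Similar functionality as" to "Similar functionality to". The copied recommendation carries the same slip as the IPv4 text: "enable this plugin and don't allow" should be "and not allow".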
Line 92: | Line 107: | ||
(IPv4-only) | (IPv4-only) | ||
+ | |||
+ | ==== net-prefix-translation ==== | ||
+ | !!Note: this plugin is not available until AstLinux 1.3.0 and later.!!\\ | ||
+ | Commonly used with static assigned ULA (Unique Local IPv6 Unicast Addresses) | ||
+ | (RFC4193) prefixes on local networks and perform a 1:1 mapping to a | ||
+ | GUA (IPv6 Global Unicast Address) (RFC3587) prefix provided by your ISP. | ||
+ | Should the GUA prefix change, the local ULA prefix can remain the same. | ||
+ | |||
+ | |||
+ | (IPv6-only) | ||
==== openvpn-server ==== | ==== openvpn-server ==== | ||
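Review bot: the net-prefix-translation description opens with "Commonly used with static assigned ULA" and never states what the plugin itself does; the sentence has no subject and "perform a 1:1 mapping" does not agree with it. Suggest starting with something like "This plugin performs a 1:1 mapping between a local ULA prefix and the GUA prefix provided by your ISP", and adding a sentence on whether the mapping changes which local hosts are reachable from outside. "static assigned" should be "statically assigned", and the closing "(IPv6-only)" runs straight into the openvpn-server heading, where the other added sections leave a blank line.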
Line 107: | Line 132: | ||
+ | ==== parasitic-net ==== | ||
+ | !!Note: this plugin is not available until AstLinux 1.3.0 and later.!!\\ | ||
+ | This Parasitic Network plugin allows " | ||
+ | This network of " | ||
+ | |||
+ | This Parasitic Network is useful for situations when the upstream firewall | ||
+ | is not under your control and you desire added security for specific devices | ||
+ | in your subnet. | ||
+ | external IPv4 address of this device. | ||
+ | |||
+ | To be effective, be certain the Parasitic Network clients are IPv4-only. | ||
+ | |||
+ | (IPv4-only) | ||
==== pptp-vpn-passthrough ==== | ==== pptp-vpn-passthrough ==== | ||
!!Note: this plugin is not available until AstLinux 1.2.5 and later.!!\\ | !!Note: this plugin is not available until AstLinux 1.2.5 and later.!!\\ | ||
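Review bot: "To be effective, be certain the Parasitic Network clients are IPv4-only" in the parasitic-net section gives the requirement without the reason or the consequence of ignoring it. Since the section is offered as added security for devices behind a firewall you do not control, say what happens to a client that also has IPv6 connectivity so an administrator can judge the risk. As in the previous section, "(IPv4-only)" is followed directly by the next heading with no blank line.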
Line 114: | Line 152: | ||
==== pptp-vpn ==== | ==== pptp-vpn ==== | ||
- | !!Automatically Enabled!!\\ | + | !!Note: this plugin |
- | This plugin | + | |
- | + | ||
- | The firewall must be enabled for the PPTP VPN to properly function. | + | |
==== sip-user-agent ==== | ==== sip-user-agent ==== | ||
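Review bot: the pptp-vpn section loses "Automatically Enabled" and "The firewall must be enabled for the PPTP VPN to properly function" and is left with a single note line. If the plugin still exists in any release the wiki covers, keep those two statements under a version qualifier; if it has been dropped, the note should name the release in which it was removed and point to the replacement.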
Line 162: | Line 197: | ||
(IPv4-only) | (IPv4-only) | ||
+ | |||
+ | ==== wireguard-vpn ==== | ||
+ | !!Note: this plugin is not available until AstLinux 1.3.2 and later.!!\\ | ||
+ | !!Automatically Enabled!!\\ | ||
+ | This plugin adds all required rules for using the WireGuard VPN. | ||
+ | |||
+ | The firewall must be enabled for the WireGuard VPN to properly function. | ||
+ |
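Review bot: "This plugin adds all required rules for using the WireGuard VPN" in the new wireguard-vpn section does not say what those rules open. For a plugin marked "Automatically Enabled", list the port and protocol accepted on the external interface and which configuration values they follow, so an administrator can audit the result. The section also lacks the address-family tag that closes the other added sections, and "to properly function" reads better as "to function properly".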