Ursalink routers are equipped with powerful firewall functions. This guide explains one of them, access control list (ACL) configuration, in more detail. An ACL is basically 2 policies applied in different scenarios and on different interfaces; with flexible “deny” and “accept” rules, we can control the data flow passing through our routers.
ACL control in Ursalink routers is based on the interface. Whether a rule is inbound or outbound, the direction must be considered from the perspective of the interface, looking at the data flow from outside. For example:
| Interface | Direction | Definition |
| --- | --- | --- |
| Bridge0 | Inbound | Source IP: internal network address; Destination IP: accessible external network via Bridge0 |
| Bridge0 | Outbound | Source IP: external network via Bridge0; Destination IP: accessible internal network address |
| LAN1/WAN | Inbound | Source IP: Internet/WAN address; Destination IP: accessible internal network address |
| LAN1/WAN | Outbound | Source IP: internal network address; Destination IP: accessible Internet/WAN address |
Test environment:
- UR32 x 1 with internet access;
- PC x 1 connects to UR32’s LAN IP address 192.168.1.172.
Scenario 1: Accept all but PC
Default policy: Accept
ACL rule:
Interface list:
Scenario 2: Deny all but PC
ACL rule:
Interface list:
Pro Tip:
- When filling in “Source IP” or “Destination IP”, you can leave the IP and wildcard mask blank so that the field refers to “any”.
- In “Interface List”, the list can be saved as long as a rule is chosen for at least one of “In” or “Out”.
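
The Python model below is an added illustration, not Ursalink firmware code and not part of the original guide. It shows how the two scenarios and the wildcard-mask and blank-means-“any” behaviour evaluate for traffic arriving on Bridge0 “In”. It assumes first-match rule ordering, a Deny default policy for Scenario 2, and constructed host addresses.

```python
import ipaddress

ANY = None  # a blank IP and wildcard mask in the rule form means "any"

def matches(addr, ip, wildcard):
    """Wildcard-mask match: bits set to 1 in the mask are ignored."""
    if ip is ANY:
        return True
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(ip))
    care = ~int(ipaddress.IPv4Address(wildcard or "0.0.0.0")) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(rules, default_policy, src, dst):
    """Return the action of the first matching rule (assumed ordering),
    otherwise fall back to the default policy."""
    for action, src_ip, src_wc, dst_ip, dst_wc in rules:
        if matches(src, src_ip, src_wc) and matches(dst, dst_ip, dst_wc):
            return action
    return default_policy

# Constructed sample addresses (not taken from the guide's screenshots).
PC = "192.168.1.100"     # the test PC on the LAN
OTHER = "192.168.1.101"  # any other LAN host
REMOTE = "203.0.113.10"  # documentation-range stand-in for an Internet host

# Scenario 1: default policy Accept, one deny rule for the PC.
# On Bridge0 "In" the source is the internal address, the destination external.
SCENARIO1 = [("deny", PC, "0.0.0.0", ANY, ANY)]

# Scenario 2: one accept rule for the PC, default policy Deny (assumed).
SCENARIO2 = [("accept", PC, "0.0.0.0", ANY, ANY)]

def run_scenarios():
    """Evaluate PC and non-PC traffic under both scenarios."""
    return {
        "s1_pc": evaluate(SCENARIO1, "accept", PC, REMOTE),
        "s1_other": evaluate(SCENARIO1, "accept", OTHER, REMOTE),
        "s2_pc": evaluate(SCENARIO2, "deny", PC, REMOTE),
        "s2_other": evaluate(SCENARIO2, "deny", OTHER, REMOTE),
    }

if __name__ == "__main__":
    for name, action in run_scenarios().items():
        print(name, action)
```

A wildcard mask of 0.0.0.0 pins the rule to a single host, while 0.0.0.255 would make the same rule cover every address in 192.168.1.0 to 192.168.1.255, so check the mask before saving a deny or accept rule.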