Implied rules of the UTM

Last adaptation to the version: 14.0.1 (01.2025)

New:
  • Settings for GeoIP blocking moved to IDS/IPS
This article refers to a Resellerpreview
Access: Firewall → Implied Rules


Implied rules

Settings in the menu Firewall → Implied rules.
Implied rules have been added for certain use cases. These rules can be easily activated or deactivated by the user as needed. Some of these rules are already active by default.

The access zones are not relevant for these rules.

| Group | Rule | Description | Protocol | Port | Active (Default) |
|---|---|---|---|---|---|
| BlockChain | | Activates / deactivates the entire group | | | All / Some / None |
| | FailToBan_ssh | Access via ssh. Monitoring with Fail2Ban rules. | TCP | 22 | On |
| | FailToBan_http_admin | Access via the Admin Interface. Monitoring with Fail2Ban rules. | TCP | 11115* | On |
| | FailToBan_http_user | Access via the User interface. Monitoring with Fail2Ban rules. | TCP | 443* | On |
| | FailToBan_smtp | Access via the Mailgateway. Monitoring with Fail2Ban rules. | TCP | 25* | On |
| CaptivePortal | | Enables redirection of traffic to a landing page | | | All / Some / None |
| | CaptivePortalPage | Opens an incoming port on the corresponding interface of the firewall that is intended for the captive portal to display the landing page. | TCP | 8085* | Off |
| | CaptivePortalRedirection | Redirection of traffic to the above-mentioned port. | | | Off |
| IPComp | | | | | All / None |
| | IPComp | Accepts connections with the IPComp protocol (compression of data packets, IP protocol number 108) | IPComp | | Off |
| IpsecTraffic | | Activates / deactivates the entire group | | | All / Some / None |
| | Accept | Accepts incoming and outgoing traffic of an IPSec connection. | | | On |
| | No NAT for IPSec connections | Excludes all IPSec connections from NAT. Default setting changed for new installations as of v12.5. | | | Off |
| Silent Services Accept | | | | | All / None |
| | Bootp | Accepts requests for the bootstrap protocol Bootp to transmit an IP address and possibly further parameters, and requests for DHCP (extension of Bootp) | UDP | 67, 68 | |
| Silent Services Drop | | | | | All / Some / None |
| | NetBios Datagram | Discards these packets without log message | UDP | 138 | On |
| | NetBios Nameservice | Discards these packets without log message | UDP | 137 | On |
| | NetBios Session Service | Discards these packets without log message | UDP | 139 | On |
| VPN | | | | | All / Some / None |
| | IPSec IKE | Accepts connections on port 500/UDP | UDP | 500 | On |
| | IPSec ESP | Accepts connections with the ESP protocol (50) | ESP | | On |
| | IPSec NAT Traversal | Accepts connections on port 4500/UDP | UDP | 4500 | On |
| | SSL VPN UDP | Accepts connections on ports for which an SSL VPN instance has been configured with the UDP protocol | UDP | 1194 | On |
| | SSL VPN TCP | Accepts connections on ports for which an SSL VPN instance has been configured with the TCP protocol | TCP | 1194 | On |
| | User Interface Portal | Accepts connections on port 443/TCP. Required for the user interface. | TCP | 443 | On |
| | Wireguard | Enables connections with the Wireguard protocol. | UDP | 51280* | On |