This article refers to a version that is no longer current!

The article for the latest version can be found here
A newer version of this article already exists, but it refers to a reseller preview
Implied rules of the UTM
Last adaptation to the version: 12.1 (02.2021)
- New:
- New rule for the Wireguard protocol
- New rules for Fail2Ban (BlockChain section)
- Omission of the implied rules for the PPTP protocol: as a proven insecure protocol, PPTP VPN is no longer supported by the UTM.
- Omission of the rules for clientless VPN: the web server acts as a reverse proxy, so additional ports are no longer necessary.
Previous versions: 11.7
Implied rules
Settings in menu
Implied rules have been added for certain use cases. These rules can be easily activated or deactivated by the user as needed. Some of these rules are already active by default.
Group | Rule | Description | Active (default value) |
---|---|---|---|
BlockChain | | Monitoring of accesses to the UTM with Fail2Ban rules. Further configuration under . See Wiki article | On |
BlockChain | FailToBan_ssh | Access via ssh | On |
BlockChain | FailToBan_http_admin | Access via the Admin Interface | On |
BlockChain | FailToBan_http_user | Access via the User interface | On |
BlockChain | FailToBan_smtp | Access via the Mailgateway | On |
CaptivePortal | | Enable redirection of traffic to a landing page | Off |
CaptivePortal | CaptivePortalPage | Opens an incoming port on the corresponding interface of the firewall that is intended for the captive portal to display the landing page. | Off |
CaptivePortal | CaptivePortalRedirection | Redirection of traffic to the above-mentioned port. | Off |
IPComp | IPComp | Accepts connections with the IPComp protocol (compression of data packets, IP protocol number 108) | Off |
IpsecTraffic | | | Off |
IpsecTraffic | Accept | Accepts incoming and outgoing traffic of an IPSec connection. | On |
IpsecTraffic | No NAT for IPSec connections | Exempts all IPSec connections from NAT | Off |
Silent Services Accept | Bootp | Accepts | On |
Silent Services Drop | NetBios Datagram | Discards these packets without a log message | On |
Silent Services Drop | NetBios Nameservice | Discards these packets without a log message | On |
Silent Services Drop | | Discards these packets without a log message | On |
VPN | IPSec IKE | Accepts connections on port 500/UDP | On |
VPN | IPSec ESP | Accepts connections with the ESP protocol (50) | On |
VPN | IPSec NAT Traversal | Accepts connections on port 4500/UDP | On |
VPN | SSL VPN UDP | Accepts connections on ports for which an SSL VPN instance has been configured with the UDP protocol | On |
VPN | SSL VPN TCP | Accepts connections on ports for which an SSL VPN instance has been configured with the TCP protocol | On |
VPN | User Interface Portal | Accepts connections on port 443/TCP. Required for the user interface. | Off |
VPN | Wireguard | Enables connections with the Wireguard protocol. | Off |
VPN | Clientless VPN VNC | Accepts connections on port 2107/TCP | Active |
VPN | Clientless VPN RDP | Accepts connections on port 2907/TCP | Active |