securityrouter.org
Firewalling - securityrouter.org, an OpenBSD-based firewall
http://securityrouter.org/wiki/Firewalling
From securityrouter.org, an OpenBSD-based firewall. The firewall is a stateful layer 3 (e.g. IP) to layer 4 (e.g. TCP) packet filter. Together with proxies and VPN flows, they are what define the router's security policies. The firewall is dual-stack by default, meaning that all rules that don't explicitly specify an address family work for both IPv4 and IPv6. Increasing the state limit. Packets paths and chaining. Redirection and port forwarding. Forwarding to an FTP server. That being said, the rule...
securityrouter.org
Serial console - securityrouter.org, an OpenBSD-based firewall
http://securityrouter.org/wiki/Serial_console
From securityrouter.org, an OpenBSD-based firewall. USB to RS-232 converter. The console can either be a standard PC monitor (video), a virtual machine console or a serial (RS-232) port. The Halon HSR hardware appliances, as well as typical Halon VSR installations on "embedded" hardware such as Soekris [1]. Uses the serial port as console. Connecting to a serial console. Make sure that your computer has a serial port (usually a DE-9 [3]. Or purchase a "USB to RS-232" adapter. On Mac, run. On Linux, run.
securityrouter.org
Users - securityrouter.org, an OpenBSD-based firewall
http://securityrouter.org/wiki/Users
From securityrouter.org, an OpenBSD-based firewall. The system has multiple access levels for administrators (users). For VPN users, see the VPN server. Documentation. Users admin. Access (see root access. Unless overridden. Other users may be assigned to a specific login class. Some login classes are included, and custom classes may be added with the capabilities available below. The built-in classes are:. The standard class that all users have, making them standard administrators. And can be used like.
securityrouter.org
Configuration file - securityrouter.org, an OpenBSD-based firewall
http://securityrouter.org/wiki/Configuration_file
From securityrouter.org, an OpenBSD-based firewall. This page mainly describes the syntax of the configuration. The functionality of the system is fully defined by its configuration file, and system modifications such as skeleton files. Is enabled. Since root access is disabled by default, administrators can normally get a complete picture of the system by studying the configuration file. From the web administration, it can be viewed on the Configuration Plain-text editor page. Using the CLI. Whenever a ...
securityrouter.org
Configure - securityrouter.org, an OpenBSD-based firewall
http://securityrouter.org/wiki/Configure
From securityrouter.org, an OpenBSD-based firewall. This page describes how to interact with the configuration file. Command. Configure may be invoked from the CLI interface, or from the system shell; its privilege level is inherited from the invoking user. Once started. Present you with an interactive prompt. Type. For a complete list of commands. Admin@fw1.halon.se configure [] admin@fw1.halon.se#. Checkout [ revision ]. Log [ limit ]. Working with the configuration. Enter a configuration scope. Show a ...
securityrouter.org
Addressing - securityrouter.org, an OpenBSD-based firewall
http://securityrouter.org/wiki/Addressing
From securityrouter.org, an OpenBSD-based firewall. This article deals primarily with IP addressing, a fundamental yet important matter. A network device, such as a computer or router, usually has one or more IP addresses, assigned to network interfaces. The interface can be physical (which is the most common case), or logical, which would be the case when for example creating a VLAN. Below are some important facts and constraints regarding IP addressing:. Addresses affect the routing table. With an...
securityrouter.org
Supported hardware - securityrouter.org, an OpenBSD-based firewall
http://securityrouter.org/wiki/Supported_hardware
From securityrouter.org, an OpenBSD-based firewall. The security router software is based on OpenBSD 5.9. It runs on effectively any x86 computers/servers and virtualization hosts, and makes a great choice both for affordable Mini-ITX appliances (with Intel Atom or AMD Geode CPUs) as well as high-end servers (preferably with AES-NI for high VPN throughput). OpenBSD has its own hardware compatibility list for i386. PC Engines ALIX 2D3. Fast boot, AES acceleration, use i386. Intel i3-3220, use amd64.
securityrouter.org
SOAP - securityrouter.org, an OpenBSD-based firewall
http://securityrouter.org/wiki/SOAP
From securityrouter.org, an OpenBSD-based firewall. The system may be fully controlled using our API. It's primarily SOAP [1] (Simple Object Access Protocol), which is an XML-based RPC-over-HTTP protocol. The web administration included is in fact a web site running inside a jail, connecting to the backend. Control process) using SOAP. For local scripting see root access. Representational state transfer) or RESTful. The API calls are listed and commented in the WSDL [3]. An example in PHP how to checkout,...
securityrouter.org
Proxies - securityrouter.org, an OpenBSD-based firewall
http://securityrouter.org/wiki/Proxies
From securityrouter.org, an OpenBSD-based firewall. Some protocols may need to be assisted by a proxy in order to work properly through a NAT firewall. This is due to historical design flaws in these protocols that date back to before NAT became widely used. These proxies are disabled by default, and do not support IPv6 by concept (these problems should not be transferred to an IPv6 environment). The firewall isn't configured to forward external traffic on port 12345 to the FTP client. This proxy should ONLY.
securityrouter.org
REST - securityrouter.org, an OpenBSD-based firewall
http://securityrouter.org/wiki/REST
From securityrouter.org, an OpenBSD-based firewall. Representational state transfer) or RESTful APIs have become increasingly popular. Because it's not a perfect fit for all the functionality that our system provides, our primary API is SOAP. We do however realise that there might be cases when SOAP is not an option, and therefore provide a REST proxy. Input and output is JSON encoded, and the arguments are described on the SOAP page and XSLT-styled WSDL file accessible as https:/ system/remote/. Count...