IPv6 - Firewall level - Manage Network Settings

IPv6 - Firewall level - Manage Network Settings

100% helpful (1/1)

firewall.jpg

 

IP addresses make data transfers in the Internet possible. However, the number of IP addresses available in the world is limited. IPv6 is the new version of a protocol that specifies the IP address format, among other things. Read on to find out how to activate IPv6 and how to authorise incoming and outgoing connections.

 

The Internet-Box offers personal expert settings for network and IP addresses. To make changes to these settings, enter “http://internetbox” or “192.168.1.1” in your browser and log in with your Internet-Box “admin” password. Switch to expert mode and select the menu item “Network”. IPv6 is activated as standard on the Internet-Box when using the standard IPv6 firewall level.

 

Firewall level setting

The firewall offers protection to your home network from unauthorised access via the Internet. To specify the incoming and outgoing connections that you would like to authorise, you can select from a range of firewall levels or define rules manually. The strict level is set for all Internet-Boxes by default (from Internet-Box release 11.3). The following provides a description and a brief explanation of the different levels:

  • Deactivated: Only one basic data traffic control is activated to protect against invalid and harmful data traffic because the firewall has been deactivated. This mode is not recommended.
  • Standard: If the “standard” firewall level is activated, IPv6 data traffic is permitted in both directions (incoming and outgoing) with the exception of a group of standard protocols. IPv4 data traffic can only be initiated from the home network to the Internet.
    Other basic data traffic controls are activated to protect against illegal and harmful data traffic.
  • Strict: If the “strict” firewall level is activated, IPv6 data traffic is permitted in both directions (incoming and outgoing) with the exception of a group of standard protocols. IPv4 data traffic can only be initiated from the home network to the Internet.
    Other basic data traffic controls are activated to protect against illegal and harmful data traffic.
  • User-defined (Advanced): You can configure the firewall settings independently.

User-defined firewall settings

  1. Go to “User-defined” and click “Configure” to define your rule.

firewallsettings_2_en.png

 

  1. Click the dropdown menu and select an option to define a basic procedure.
     For IPv4, “Permit outbound IPv4 data traffic” is the default setting
     For IPv6, “Block incoming / Allow outgoing” is the default
  2. Click “Save” 
  3. If you wish, you can add a rule; to do so, click “Add new rule”.

firewallsettings_3_en.png

  1. You now have two options to choose from. The default setting allows you to create your own rule for each aspect. For a user-friendly configuration, opt for one of the predefined rules. Select it from the dropdown list underneath.
  2. If you select predefined rules, you will still be able to change parameters such as protocol, port and procedures. You can now also define rules for individual devices.

firewallsettings_5_en.png

  1. Click “Save”  to define and activate the rule.

firewallsettings_6_en.png

 

 

LAN protocols

There are two categories: Firstly, the “LAN protocols”; that is, protocols that can typically be used only within the same local network, but not over the Internet. By default, the firewall blocks these protocols in both directions, incoming and outgoing.

 

Description

Short name

Port Number

Transport protocol

Kerberos

kerberos-sec

88

TCP/UDP

SUN Remote Procedure Call                    

sunrpc

111

TCP

Microsoft Remote Procedure Call         

msrpc

135

TCP

NETBIOS Session Service

netbios-ssn

139

TCP

Microsoft SMB Domain Server

microsoft-ds

445

TCP

Remote Login

login

513

TCP

Remote Shell

shell

514

TCP

Apple Filing Protocol

afp

548

TCP

Internet Printing Protocol

ipp

631

TCP

Simple Service Discovery Protocol

ssdp

1900

UDP

Simple Service Discovery Protocol

ssdp

2869

TCP

Web Services Dynamic Discovery

upnp-discovery

3702

UDP

Multicast DNS

mdns

5353

UDP

Link-Local Multicast Name Resolution

llmnr

5355

UDP

 

Remote maintenance protocols

Secondly, there is the group of “remote maintenance protocols”. These allow other devices to be accessed over the Internet (remote maintenance). The firewall allows these protocols in an outbound direction (e.g. http port 80, used for normal web surfing). They are blocked in the inbound direction to the home network.

 

Description

Short name

Port Number

Transport protocol

Secure Shell Login                                         

ssh

22

TCP

Telnet

telnet

23

TCP

Web GUI

http

80

TCP

Microsoft Remote Desktop Protocol    

ms-wbt-server                

3389

TCP

Virtual Network Computing                     

vnc

5900

TCP

 

 

Do you have any questions or need help with setup? The Swisscom Community will be happy to assist; simply leave a comment below.

Was this article helpful? Yes No
Contributors