Layer 2 Firewall (L2FW)
Caution
- This Router App has been tested on a router with firmware version 6.3.10. After updating the router firmware to a higher version, check whether a newer version of the Router App has also been released and update it accordingly for compatibility.
Module Usage
Description
The Layer 2 Firewall Router App allows you to specify filtering rules for data incoming to the router based on source MAC address. The rules are processed on the Data Link layer (Layer 2 of the OSI model) and are applied to all interfaces, not just the WAN interface.
Web Interface
Once the installation is complete, access the Router App's web interface by clicking the Router App name on the Router Apps page of the router's web interface.
The left panel of the web interface contains a menu with a Status section, followed by a Configuration section which contains the Rules page for defining filtering rules. The Customization section contains only the Return item, which switches back from the Router App's web page to the router's web configuration pages. The main menu of the Router App's web interface is shown in the figure below.
Rules Configuration
Rules are configured on the Rules page under the Configuration menu section. There are twenty-five rows available for rule definitions.
Each row consists of a checkbox, a Source MAC Address field, and an Action field. Checking the checkbox enables the rule on that row. The source MAC address must be entered in colon-separated notation and is case insensitive. This field can be left blank, which means it matches all MAC addresses. The action can be set to allow or deny, permitting or blocking incoming packets accordingly. Rules are processed from top to bottom. When the source MAC address of an incoming packet matches a rule, that rule's action is applied and processing stops.
Checking the Enable filtering of layer 2 frames checkbox at the top of the page enables the entire filtering process. Click the Apply button at the bottom of the page to save any changes.

Caution
Denying incoming packets for all MAC addresses (using an empty source address field) will block all administrative access to the router. The only solution is to perform a hardware reset, which will restore the router to its default state, including the settings of this Router App.
Configuration Example
The figure below shows an example configuration where incoming communication is permitted from only four specific MAC addresses. A fifth rule with a deny action and an empty source address field is required to block traffic from all other MAC addresses.
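The first-match processing and the lockout risk described above can be modelled offline before a rule set is applied. The following Python sketch is an added example, not code from the Router App: the function names and MAC addresses are constructed, and it assumes that a frame matching no enabled rule is allowed, which is inferred from the need for an explicit final deny rule.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
MAX_ROWS = 25  # the Rules page offers twenty-five rows

def normalize(mac):
    """Lower-case a colon-separated MAC (case insensitive); '' means any MAC."""
    mac = mac.strip().lower()
    if mac and not MAC_RE.match(mac):
        raise ValueError(f"not a colon-separated MAC address: {mac!r}")
    return mac

def evaluate(rules, src_mac, filtering_enabled=True):
    """rules: (enabled, source_mac, action) rows, listed top to bottom."""
    if not filtering_enabled:
        return "allow"
    src = normalize(src_mac)
    for enabled, rule_mac, action in rules:
        if enabled and normalize(rule_mac) in ("", src):
            return action  # first matching row decides, processing stops
    return "allow"  # assumption: a frame that matches no row passes

def lint(rules, admin_mac):
    """Findings to review before clicking Apply (hypothetical helper)."""
    findings = []
    if len(rules) > MAX_ROWS:
        findings.append(f"{len(rules)} rows exceed the {MAX_ROWS} available")
    if evaluate(rules, admin_mac) == "deny":
        findings.append(f"lockout: admin station {admin_mac} would be denied")
    active = [r for r in rules if r[0]]
    for i, (_, mac, _) in enumerate(active[:-1]):
        if normalize(mac) == "":
            hidden = len(active) - i - 1
            findings.append(f"{hidden} enabled row(s) below a blank row never match")
            break
    return findings

# Constructed sample: four permitted stations, then deny everything else.
RULES = [
    (True, "02:00:00:00:00:01", "allow"),
    (True, "02:00:00:00:00:02", "allow"),
    (True, "02:00:00:00:00:03", "allow"),
    (True, "02:00:00:00:00:0a", "allow"),
    (True, "", "deny"),
]

if __name__ == "__main__":
    print(evaluate(RULES, "02:00:00:00:00:0A"))   # listed station
    print(evaluate(RULES, "02:00:00:00:00:ff"))   # unlisted station
    print(lint([(True, "", "deny")] + RULES[:4], "02:00:00:00:00:01"))
```

Running `lint` with the MAC address of the management station catches the case where a blank-address deny row sits above the allow rows, which would otherwise require a hardware reset to recover from.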

Module Status
The current global status of the Router App can be viewed on the Global page under the Status section.