Port Filter
Overview
The Portfilter works by defining filter groups with ALLOW/DENY actions and assigning the filter rules to them.
When creating a new Filter Group with the DENY default action, Port 80 (HTTP) and Port 443 (HTTPS) will be added as ALLOW rule.
This is necessary in order for Surf-LAN clients to reach the Login Page and should not be altered outside of very specific usecases.
This is necessary in order for Surf-LAN clients to reach the Login Page and should not be altered outside of very specific usecases.
Groups
Groups require a name and a default action which can either be Allow or Deny.
In case the default action is Allow, all traffic is allowed except for the defined ports.
If the default action is Deny, then all traffic is denied except for the defined ports.
These groups can then be assigned to Ticket Templates:
Rules
Besides a small set of predefined rules, custom rules can be created to Allow/Deny/Log any desired port/protocol combination.
These rules must be assigned to filter groups which in turn are then assigned to ticket templates.