
Firewall/Packet Filtering on the OnBoard
Packet filtering on the OnBoard is controlled by chains and rules that are configured in iptables. (For more details about the predefined chains and rules, see Chains and Rules.)
Both the Web Manager and the cycli utility provide a way for the OnBoard administrator to add rules and to edit or delete any added rules.
Because the OnBoard filters packets like a firewall, the Web Manager menu option under “Network” is titled “Firewall.”
The cycli utility provides the iptables command to do the same tasks, because when rules are added, edited, or deleted, the corresponding iptables are updated.
By default, the OnBoard does not forward any traffic between private and public networks. The administrator might want to add rules to allow some limited communications between specific devices on the private network and the public network. For example, the administrator could add rules to allow a device to send email using an email server on the public network, as shown in the example in /usr/share/docs/OnBoard/Application_Notes/Network/priv-to-pub.pdf.
Caution! It is possible for an OnBoard administrator to create rules that circumvent the access controls on a device. The OnBoard administrator is responsible for understanding the implications of packet filtering rules that the administrator may add to the system and making sure that security is not compromised by the added rules.
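One way to review added forwarding rules against the caution above is to check that every ACCEPT rule is scoped to a specific source, destination, protocol and port. The following Python check is an added example, not part of the OnBoard documentation; it assumes the rules are available in iptables-save format and sit in a chain named FORWARD (the OnBoard's predefined chains may differ), and the function names and all addresses in the sample are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format (private/documentation addresses).
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.15/32 -d 192.0.2.25/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -s 10.0.0.0/24 -j ACCEPT
-A FORWARD -d 10.0.0.15/32 -p tcp -j ACCEPT
COMMIT
"""

# Match criteria a forwarding exception should pin down (assumed review policy).
REQUIRED = (("source", "-s"), ("destination", "-d"),
            ("protocol", "-p"), ("destination port", "--dport"))

def parse_rule(line):
    """Return {option: value} for one '-A CHAIN ...' line, else None."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None  # table headers, chain policies, COMMIT, blank lines
    rule = {"chain": tokens[1], "raw": line}
    i = 2
    while i < len(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tokens[i].startswith("-") and nxt and not nxt.startswith("-"):
            rule[tokens[i]] = nxt
            i += 2
        else:
            i += 1
    return rule

def audit_forward(ruleset, chain="FORWARD"):
    """List (rule, missing criteria) for ACCEPT rules that are too broad."""
    findings = []
    for line in ruleset.splitlines():
        rule = parse_rule(line.strip())
        if not rule or rule["chain"] != chain or rule.get("-j") != "ACCEPT":
            continue
        state = rule.get("--state") or rule.get("--ctstate") or ""
        if state and "NEW" not in state.split(","):
            continue  # only admits replies to already-permitted connections
        missing = [name for name, opt in REQUIRED if opt not in rule]
        if missing:
            findings.append((rule["raw"], missing))
    return findings

if __name__ == "__main__":
    for raw, missing in audit_forward(SAMPLE):
        print("too broad:", raw, "| missing:", ", ".join(missing))
```

The check is a heuristic: it does not interpret negated matches or multiport options, so a rule it passes still needs to be read against the access controls of the device it exposes.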
