Security
IPTables
WTI Devices
IPTables on WTI Devices: Identifying Interfaces and Controlling Network Access
WTI devices use Linux-based iptables to control inbound and outbound network traffic. This guide explains how to identify interface names and apply practical firewall rules.
⚠️
Risk of Management Lockout
IPTables rules are applied immediately and affect all management access paths.
Incorrect rules may lock you out of the device.
- Always allow at least one verified management method (SSH / HTTPS / WebTerm).
- Apply changes during a maintenance window.
- Verify access before closing your session.
What you can do with iptables
- Allow or block specific IP addresses or ranges
- Restrict access by port or protocol
- Apply rules to specific Ethernet or Cellular interfaces
- Implement most standard Linux iptables functions
1) Determine the iptables interface name
| Interface | iptables Name | Example |
|---|---|---|
| USB Cellular | qmimux0 |
iptables -A INPUT -i qmimux0 -j ACCEPT |
| Ethernet 0 | eth0 |
iptables -A INPUT -i eth0 -j ACCEPT |
| Ethernet 1 | eth1 |
iptables -A INPUT -i eth1 -j ACCEPT |
| Serial Cellular | ppp0 |
iptables -A INPUT -i ppp0 -j ACCEPT |
USB vs Serial Cellular:
Run
/j* and check the modem model. Models ending in -U indicate USB (qmimux0).
2) Example: Allow SSH access from a single IP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -s 54.182.73.196 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP3) Example: This will explicitly allow all traffic on eth0, and allow SSH and ping to the cell interface only from the provided IP addresses. Replace IP address 54.182.73.196 with your public IP address
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -A INPUT -i qmimux0 -s 54.182.73.196 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o qmimux0 -d 54.182.73.196 -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -i qmimux0 -s 54.182.73.196 -p icmp -j ACCEPT
iptables -A OUTPUT -o qmimux0 -d 54.182.73.196 -p icmp -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP