IP Firewall is a mechanism of filtering packets crossing an
IP network node, according to different criteria. System administrator may define a set of incoming filters and a set of outgoing filters. The incoming filters determine which packets may be accepted by the node. The outgoing filters determine which packets may be forwarded by the node as a result of routing. Each filter describes a class of packets and defines how these packets should be processed (reject and log, accept, accept and log).
...
| Center |
|---|
| Scroll Title |
|---|
| | IP firewall rule parameter | Description |
|---|
| Action | - Set the action for the rule: permit/deny/pass:
- “Permit” - the packet is processed by the system (ignoring other firewall rules)
- “Deny” - the packet is dropped
- “Pass” - the packet is passed to the next rule in the list and logged in the system log (only if the log check box is marked)
| | Channel | - Allocate a logical channel if there are logical channels prior created in "Traffic Shaping" section (it is active only if the action "permit" is selected)
- If you allocate a number for a logical channel that was not prior created in "Traffic Shaping" section, it has no effect in the rule configuration
- For the indications how to create a logical channel, please refer to "Traffic Shaping" section below
| | Priority | - Set the priority for the packets going through the new rule of the filter:
- “Up to” - used to increase the packet priority to the specified value only if the processed packet has a lower priority
- “Set” - used to assign a new priority regardless of the value already assigned to the packet
| | Log | - Enable/disable filter actions logging in the system log
| | Direction | - Set the input/output direction for applying the new rule:
- “Input” - the rule is used to process inbound traffic
- “Output” - the rule is used to process outbound traffic and for post-routing packet filtering
| | Interface | - Set the interface for applying the new rule
- All the available interfaces are displayed in the dropdown list (physical and logical)
- If “any” option is used, the rule is applied to all available interfaces
| | Group | - Set the Switch Group number for the applying of the new rule
- The Switch Group must be prior created
| | Rule | - Set the packet capture filter for IP firewall
- It is the same syntax called “PCAP expression”, as in the "Switching" section
- Refer to the filter expression syntax description above
- By clicking the «Validate» button, you can check the syntax in the expression in the “Rule” field
|
|
|
The «Up/Down» arrows allow you to organize rules list. The rules are processed one by one in a top-down order.
...