IP firewall rule parameter | Description |
---|
Action | - Set the action for the rule: permit/deny/pass:
- “Permit” - the packet is processed by the system (ignoring other firewall rules)
- “Deny” - the packet is dropped
- “Pass” - the packet is passed to the next rule in the list and logged in the system log (only if the log check box is marked)
|
Channel | - Allocate a logical channel if there are logical channels prior created in "Traffic Shaping" section (it is active only if the action "permit" is selected)
- If you allocate a number for a logical channel that was not prior created in "Traffic Shaping" section, it has no effect in the rule configuration
- For the indications how to create a logical channel, please refer to "Traffic Shaping" section below
|
Priority | - Set the priority for the packets going through the new rule of the filter:
- “Up to” - used to increase the packet priority to the specified value only if the processed packet has a lower priority
- “Set” - used to assign a new priority regardless of the value already assigned to the packet
|
Log | - Enable/disable filter actions logging in the system log
|
Direction | - Set the input/output direction for applying the new rule:
- “Input” - the rule is used to process inbound traffic
- “Output” - the rule is used to process outbound traffic and for post-routing packet filtering
|
Interface | - Set the interface for applying the new rule
- All the available interfaces are displayed in the dropdown list (physical and logical)
- If “any” option is used, the rule is applied to all available interfaces
|
Group | - Set the Switch Group number for the applying of the new rule
- The Switch Group must be prior created
|
Rule | - Set the packet capture filter for IP firewall
- It is the same syntax called “PCAP expression”, as in the "Switching" section
- Refer to the filter expression syntax description above
- By clicking the "Validate" button, you can check the syntax in the expression in the “Rule” fie
|