The five input filters and one output filter that make up Basic Firewall are shown in the table below.
| Setting | Input filter 1 | Input filter 2 | Input filter 3 | Input filter 4 | Input filter 5 | Output filter 1 |
|---|---|---|---|---|---|---|
| Enabled | Yes | Yes | Yes | Yes | Yes | Yes |
| Forward | No | No | Yes | Yes | Yes | Yes |
| Source IP address | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 |
| Source IP address mask | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 |
| Dest. IP address | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 |
| Dest. IP address mask | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 |
| Protocol type | TCP | TCP | ICMP | TCP | UDP | 0 |
| Source port comparison | No Compare | No Compare | N/A | No Compare | No Compare | N/A |
| Source port ID | 0 | 0 | N/A | 0 | 0 | N/A |
| Dest. port comparison | Equal | Equal | N/A | Greater Than | Greater Than | N/A |
| Dest. port ID | 2000 | 6000 | N/A | 1023 | 1023 | N/A |

Basic Firewall's filters play the following roles.

Input filters 1 and 2: These block WAN-originated OpenWindows and X-Windows sessions. Service origination requests for these protocols use ports 2000 and 6000, respectively. Since these are greater than 1023, OpenWindows and X-Windows traffic would otherwise be allowed by input filter 4. Input filters 1 and 2 must precede input filter 4; otherwise they would have no effect as filter 4 would have already passed OpenWindows and X-Windows traffic.

Input filter 3: This filter explicitly passes all WAN-originated ICMP traffic to permit devices on the WAN to ping devices on the LAN. Ping is an Internet service that is useful for diagnostic purposes.

Input filters 4 and 5: These filters pass all TCP and UDP traffic, respectively, when the destination port is greater than 1023. This type of traffic generally does not allow a remote host to connect to the LAN using one of the potentially intrusive Internet services, such as Telnet, FTP, and WWW.

Output filter 1: This filter passes all outgoing traffic to make sure that no outgoing connections from the LAN are blocked.
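
The ordering rule described above, as an added example (not code from the manual or the router's firmware): a small first-match evaluator over the five input filters, showing that X-Windows traffic is blocked in the documented order and passed when filter 4 is moved ahead of filters 1 and 2. The function and variable names are hypothetical, and the example assumes that a packet matching no filter in the set is discarded.

```python
# Added example: first-match evaluation of Basic Firewall's input filter set.
# All address/mask fields in the table are 0.0.0.0 (match any), so only
# protocol and destination port are modeled. Names here are hypothetical.
import operator

CMP = {"Equal": operator.eq, "Greater Than": operator.gt}

# (name, forward, protocol, dest-port comparison, dest-port ID), from the table
INPUT_FILTERS = [
    ("input 1", False, "TCP", "Equal", 2000),          # OpenWindows
    ("input 2", False, "TCP", "Equal", 6000),          # X-Windows
    ("input 3", True, "ICMP", None, None),             # ping
    ("input 4", True, "TCP", "Greater Than", 1023),
    ("input 5", True, "UDP", "Greater Than", 1023),
]

def evaluate(filters, protocol, dest_port=None):
    """Return (forwarded, matching filter name); the first match decides."""
    for name, forward, proto, cmp_name, port_id in filters:
        if proto != protocol:
            continue
        if cmp_name is None or CMP[cmp_name](dest_port, port_id):
            return forward, name
    # Assumption: a packet matching no filter in the set is discarded.
    return False, None

def reorder(filters, order):
    """Return the filter set in a different order (0-based positions)."""
    return [filters[i] for i in order]

if __name__ == "__main__":
    # Constructed sample packets: (protocol, destination port)
    samples = [("TCP", 6000), ("TCP", 2000), ("TCP", 23), ("TCP", 40000),
               ("UDP", 53), ("UDP", 5004), ("ICMP", None)]
    for proto, port in samples:
        print(proto, port, evaluate(INPUT_FILTERS, proto, port))
    # Misordered set: filter 4 placed ahead of filters 1 and 2.
    bad = reorder(INPUT_FILTERS, [3, 0, 1, 2, 4])
    print("misordered:", evaluate(bad, "TCP", 6000))
```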