Table of Contents
Advertisement
4 SpeedTouch™610 Advanced Concepts
SpeedTouch™610
Packet Firewall and
Packet Treatments
Firewall criteria
66
•
Source
The point of all traffic sourced by the SpeedTouch™ IP router, i.e. at this point it
can be determined whether a packet is allowed to leave the local IP host.
•
Output
The point of all outgoing traffic, i.e. at this point it can be determined whether a
packet is allowed to leave the SpeedTouch™610 IP router or local IP host.
Through the hooks defined above, following traffic can run:
•
Input-to-Sink
The flow of packets destined exclusively for the SpeedTouch™610.
•
Source-to-Output
The flow of packets sourced exclusively by the SpeedTouch™610 itself.
•
Input-through-Forward-to-Output
The flow of packets sourced by the WAN, forwarded by the SpeedTouch™610
towards the local network, or vice versa.
At every hook a separate access list (chain), containing an ordered list of rules will
operated on each processed packet, resulting in a specific treatment of this packet. (See
the CLI command ":firewall rule help create" for a full parameter description)
A rule is able to operate on following (combination of) criteria:
•
Interface related
•
Source interface
•
Source interface group
•
Source bridge port
•
Destination interface
•
Destination interface group
•
IP related
•
Source IP address (range)
•
Destination IP address (range)
•
Type of service, precedence and DSCP specification in the IP packet
•
Protocol in the IP packet
•
TCP related
•
Source port number (range)
•
Destination port number (range)
•
Synchronization, urgent, and acknowledge flags
•
UDP related
•
Source port number (range)
•
Destination port number (range)
•
ICMP related
•
ICMP type
•
ICMP code number (range)
E-SIT-CTC-20030306-0004 v2.0
Advertisement
Table of Contents
