Adding An Input Filter For A Firewall Filter Interface; Table 259 Firewall Input Filter Rule Settings - Nortel BCM 3.7 Manual

Adding an Input Filter for a Firewall Filter Interface

Before you can specify a Rule Order, you must add Filter Rules.
The maximum number of Input Filter Rules you can add is 32.
1. Click the Input Filters' Rule Settings tab.
   The Input Filters' Rule Settings screen appears.
2. On the Configuration menu, click Add Input Filter Rule.
3. Configure the Input Filter Rule settings according to the following table.

Table 259 Firewall Input Filter Rule settings

Attribute: Description

Rule Name (IR# or OR#): Allows you to assign a number to the Rule.

Stateful: Allows you to specify if the states of connections that match this rule will be monitored. This permits the creation of one-way rules. For example, you can permit inside traffic to return but block traffic originating from the outside. For more information refer to "Stateful Packet Filters" on page 820.
The values are Yes and No. The default is Yes.

Disposition: Allows you to specify if a packet that matches this rule passes through or is blocked.
The values are Block or Pass. The default is Block.

Protocol: Allows you to specify the protocol type of the packet to be filtered.
The values are: IP, TCP, UDP, TCP/UDP, ICMP, OSPF, PPTP, IPSEC_AH and IPSEC_ESP.
The default is IP.

Source IP Type: Allows you to specify if the Source IP is Fixed or Dynamic.
Use Dynamic when the IP is assigned by an outside source. For example, your Internet Service Provider (ISP) assigns your IP address. If you specify Dynamic, Source IP and Source IP Mask do not need to be entered.
The default is Fixed.
Note: Dynamic does not match all IP addresses. If you want to match all IP addresses, enter an IP address of 0.0.0.0 and a mask of 0.0.0.0.

Source IP: Allows you to specify the source address of the packet to be filtered.

Source Range Mask: Allows you to specify the source address mask of the packet to be filtered.
If you enter 255.255.255.255, then the Source IP is a single address.
If you enter 0.0.0.0, then the Source IP is all possible addresses.

Source Port Range (#-#): Allows you to specify a single entry, a range of entries (1-65535) or one of the following: ALL, FTP, Telnet, SMTP, SNMP, DNS, DHCP, TFTP, Gopher, Finger, HTTP, H.323, POP, NNTP, NetBios, RPC, SUNNFS and DCOM.

Non-standard FTP Port: Select Yes if the Source Port Range contains non-standard FTP ports.
Select No if the Source Port Range does not contain non-standard FTP ports.
If your FTP server behind the Business Communications Manager listens on a non-standard port, you must select Yes for this option. This is because FTP uses two ports: command (21) and data (20). When a port other than 21 is used for FTP, the IP Firewall needs to be able to deal with the alternate data port as well.
The default is No.

Configuring IP Firewall Filters for an interface
Programming Operations Guide
823
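The Source IP and Source Range Mask semantics in Table 259 can be checked offline before rules are entered. The following Python sketch is an added example, not code from the manual or from Nortel; the rule dictionary keys, the sample rules and the two review heuristics in audit() are assumptions made for illustration, and named port entries such as FTP are not handled.

```python
import ipaddress

MAX_INPUT_RULES = 32  # limit stated on the page


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def source_matches(rule, packet_ip):
    """Apply a Fixed rule's Source IP / Source Range Mask to a source address."""
    mask = _ip(rule["source_mask"])
    # 255.255.255.255 compares every bit (single address); 0.0.0.0 compares none (all addresses).
    return (_ip(packet_ip) & mask) == (_ip(rule["source_ip"]) & mask)


def port_matches(spec, port):
    """spec is 'ALL', a single port ('25') or a range ('1024-65535')."""
    if spec.upper() == "ALL":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def audit(rules):
    """Return (rule_name, finding) pairs for settings worth a second look (assumed heuristics)."""
    findings = []
    if len(rules) > MAX_INPUT_RULES:
        findings.append(("*", f"{len(rules)} rules exceeds the limit of {MAX_INPUT_RULES}"))
    for r in rules:
        if r["disposition"] != "Pass":
            continue
        any_source = r["source_ip_type"] == "Fixed" and _ip(r["source_mask"]) == 0
        if any_source and r["source_port"].upper() == "ALL":
            findings.append((r["name"], "Pass from any source address and any source port"))
        if r["stateful"] == "No":
            findings.append((r["name"], "Pass rule with Stateful set to No"))
    return findings


# Constructed sample rules, not taken from a real configuration.
RULES = [
    {"name": "IR1", "stateful": "Yes", "disposition": "Pass", "source_ip_type": "Fixed",
     "source_ip": "192.0.2.10", "source_mask": "255.255.255.255", "source_port": "1024-65535"},
    {"name": "IR2", "stateful": "Yes", "disposition": "Pass", "source_ip_type": "Fixed",
     "source_ip": "0.0.0.0", "source_mask": "0.0.0.0", "source_port": "ALL"},
    {"name": "IR3", "stateful": "No", "disposition": "Pass", "source_ip_type": "Fixed",
     "source_ip": "198.51.100.0", "source_mask": "255.255.255.0", "source_port": "25"},
]
```

Calling audit(RULES) returns the findings for IR2 and IR3; IR1 is limited to one source address and stays stateful, so it produces none.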