Nortel BCM 3.7 Manual page 824

824
Configuring IP Firewall Filters for an interface
Table 259 Firewall Input Filter Rule settings (Continued)
Attribute Description
Destination IP Allows you to specify if the Destination IP Type is Fixed or Dynamic.
Type
Use Dynamic when the IP is assigned by an outside source. For example, your Internet Service
Provider (ISP) assigns your IP address. If you specify Dynamic, Destination IP and Destination
IP Mask do not need to be entered.
The default is Fixed.
Note: Dynamic does not match all IP addresses. If you want to match all IP addresses, enter an
IP address of 0.0.0.0 and a mask of 0.0.0.0.
Destination IP Allows you to specify the Destination IP address.
Destination Allows you to specify the destination address mask of the packet to be filtered.
Range Mask
If you enter 255.255.255.255, then the Destination IP is a single address.
If you enter 0.0.0.0 then the Destination IP is all possible addresses.
Destination Port Allows you to specify a single entry, a range of entries (1-65535) or one of the following: ALL,
Range (#-#) FTP, Telnet, SMTP, SNMP, DNS, DHCP, TFTP, Gopher, Finger, HTTP, POP, NNTP, NetBios,
RPC, SUNNFS and DCOM.
Non-standard Select Yes if the Destination Port Range contains non-standard FTP ports.
FTP Port
Select No if the Destination Port Range does not contain non-standard FTP ports.
If your FTP server behind the Business Communications Manager listens on a non-standard
port, you must select Yes for this option. This is because FTP uses two ports - command(21) and
data(20). When a port other than 21 is used for FTP, the IP Firewall needs to be able to deal with
the alternate data port as well.
The default is No.
Source Routing Allows you to specify how the Source Routing is checked.
Present: Rule matches Only if the packet has the source routing option set.
Absent: Rule matches Only if the packets does not have the source routing option set.
Ignore: The source routing option in the packet is not checked and therefore all packets will
match.
The default is Ignore.
IP Options Allows you to specify how the IP Options are checked.
Present: Rule matches Only if the packet has the IP options set.
Absent: Rule matches Only if the packets does not have the IP options set.
Ignore: The IP Options in the packet are not checked and therefore all packets will match.
The default is Ignore.
Quick Allows you to specify the order of rule match. Yes means that the first rule match is used. No
means the last rule match is used.
The default is Yes.
N0008589 3.3