Multitech MultiAccess MA30120 User Manual page 72

Communications server

Example: Network A is contained in network B.
Rule 1 allows network A to use the SMTP service.
Rule 2 forbids network B to use SMTP.
Result: Only network A is allowed SMTP.
SMTP packets from all other network B IP addresses are not allowed to pass and are logged.
Caution: Re-sorting the rules may change how the MultiAccess operates. Be very careful when defining
the rule set. It determines the security of your MultiAccess.
Caution: If one rule applies, the subsequent ones are ignored. Therefore, the sequence is very
important. Never place a rule with the entries Any – Any – Any – Accept at the top of your
rule set, as such a setting will match all packets, and thus, cause all subsequent rules to be
ignored.
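The first-match behaviour and the two cautions above, shown as an added example (not code from the MultiAccess manual or firmware): a small evaluator plus a check that reports rules an earlier rule makes unreachable. The `Rule` class, the function names, the sample addresses, the choice of Reject for "forbids", and the modelling of Any as all IPv4 addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "Any"  # modelled here as all IPv4 addresses / all services (assumption)

@dataclass(frozen=True)
class Rule:
    src: str      # CIDR string or ANY ("From Client")
    service: str  # service name or ANY
    dst: str      # CIDR string or ANY ("To Server")
    action: str   # "Accept", "Reject" or "Drop"

def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == ANY else spec)

def _svc_covers(outer, inner):
    return outer == ANY or outer == inner

def evaluate(rules, src_ip, service, dst_ip):
    """First match wins: return (rule number, action), or None if nothing matches."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for number, r in enumerate(rules, start=1):
        if src in _net(r.src) and _svc_covers(r.service, service) and dst in _net(r.dst):
            return number, r.action
    return None  # what the device does with unmatched packets is not covered on this page

def shadowed(rules):
    """Return (later, earlier) rule numbers where the earlier rule already matches
    every packet the later rule describes, so the later rule can never apply."""
    found = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if (_net(later.src).subnet_of(_net(earlier.src))
                    and _svc_covers(earlier.service, later.service)
                    and _net(later.dst).subnet_of(_net(earlier.dst))):
                found.append((j + 1, i + 1))
                break
    return found

# Constructed sample data: network A (10.0.1.0/24) lies inside network B (10.0.0.0/16).
ALLOW_A = Rule("10.0.1.0/24", "SMTP", ANY, "Accept")
DENY_B = Rule("10.0.0.0/16", "SMTP", ANY, "Reject")  # "forbids"; Reject chosen for the sample
ANY_ACCEPT = Rule(ANY, ANY, ANY, "Accept")

if __name__ == "__main__":
    for name, rules in [("manual order", [ALLOW_A, DENY_B]),
                        ("re-sorted", [DENY_B, ALLOW_A]),
                        ("Any-Any-Any-Accept first", [ANY_ACCEPT, ALLOW_A, DENY_B])]:
        print(name, evaluate(rules, "10.0.1.5", "SMTP", "192.0.2.25"), shadowed(rules))
```

The check only reports a rule that is fully covered by a single earlier rule; it also reports covered rules with the same action, which are redundant rather than dangerous.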
Add User Defined Packet Filter Rules
Choosing from four drop-down lists creates new packet filter rules. All services, networks, and groups
previously created in Definitions are presented for selection. In Edit rule, use the Save button to create the
appropriate rule as a new line at the bottom of the table. The status of the new rule is initially inactive (red
dot next to it), and can be manually activated afterwards. The new rule automatically receives the next
available number in the table. The overall effectiveness of the rule is decided by its position in the table.
You can move the new rule within the table with the Move function in the Command column.
From Client: Select the network from which the information packet must be sent for the rule to match.
You can also select network groups. The Any option can also be given which matches all IP
addresses, regardless of whether they are officially assigned addresses or so-called private
addresses. These Network clients or groups must be pre-defined in the Networks menu.
Example: net1 or host1 or Any
Service: Select the service that is to be matched with the rule. These services are pre-defined in the
Services menu. With the help of these services, the information traffic to be filtered can be
precisely defined. The default entry Any selects all combinations of protocols and parameters
(e.g., ports).
Example: SMTP, ANY
To Server: Select the network to which the data packets are sent for the rule to match. Network
groups can also be selected. These network clients or groups must be pre-defined in the
Networks menu.
Action: Select the action that is to be performed in the case of a successful matching (applicable filter
rule). There are three types of actions:
Accept: This allows/accepts all packets that match this rule.
Reject: This blocks all packets that match this rule. The host sending the packet will be
informed that the packet has been rejected.
Drop: This drops all packets that match this rule, but the host is not informed. The action
Drop is recommended for filter violations that constantly take place, are not security
relevant, and only flood the LiveLog with meaningless messages (e.g., NETBIOS-
Broadcasts from Windows computers).
To drop packets with the target address Broadcast IP, you first have to define the
appropriate broadcast address in the form of a new network in the Networks menu
(defining new networks is explained in detail earlier in this chapter). You must then set
and enable the packet filter rule.
MultiAccess Communications Server MA30120 User Guide
Chapter 3 – Software
Packet Filters > Packet Filter Rules