Adding An Allow Ip Rule - D-Link NetDefend DFL-210 User Manual

3.5.5. IP Rule Set Folders
In order to help organise large numbers of entries in IP rule sets, it is possible to create IP rule set
folders. These folders are just like a folder in a computer's file system. They are created with a given
name and can then be used to contain all the IP rules that are related together as a group.
Using folders is simply a way for the administrator to conveniently divide up IP rule set entries and
no special properties are given to entries in different folders. NetDefendOS continues to see all
entries as though they were in a single set of IP rules.
The folder concept is also used by NetDefendOS in the Address Book, where related IP address
objects can be grouped together in administrator created folders.
Example 3.17. Adding an Allow IP Rule
This example shows how to create a simple Allow rule that will allow HTTP connections to opened from the lannet
network on the lan interface to any network (all-nets) on the wan interface.
Command-Line Interface
First, change the current category to be the main IP rule set:
gw-world:/> cc IPRuleSet main
Now, create the IP rule:
gw-world:/main> add IPRule Action=Allow Service=http
Return to the top level:
gw-world:/main> cc
Configuration changes must be saved by then issuing an activate followed by a commit command.
Web Interface
1. Go to Rules > IP Rules > Add > IPRule
2. Specify a suitable name for the rule, for example LAN_HTTP
3. Now enter:
• Name: A suitable name for the rule. For example lan_http
• Action: Allow
• Service: http
• Source Interface: lan
• Source Network: lannet
• Destination Interface: wan
• Destination Network: all-nets
4. Click OK
SourceInterface=lan SourceNetwork=lannet
DestinationInterface=wan
DestinationNetwork=all-nets
Name=lan_http
114
Chapter 3. Fundamentals