3Com VCX v7111 User Manual page 343

Explanation of the example access list:
Rule #10: traffic from the host mgmt.customer.com destined to TCP ports 0 to 80, is
always allowed.
Rule #15: traffic from the 192.xxx.yyy.zzz subnet, is limited to a rate of 40 Kbytes per
second (with an allowed burst of 50 Kbytes). Note that the rate is specified in bytes, not
bits, per second; a rate of 40000 bytes per second, nominally corresponds to 320 kbps.
Rule #20: traffic from the subnet 10.31.4.xxx destined to ports 4000 to 9000 is always
blocked, regardless of protocol.
Rule #22: traffic from the subnet 10.4.xxx.yyy destined to ports 4000 to 9000 is always
blocked, regardless of protocol.
All other traffic is allowed.
More complex rules may be defined, relying on the single-match process described above:
Figure 135 shows an advanced example of an access list definition using ini file:
Figure 135 Advanced Example of an Access List Definition using ini File
[ ACCESSLIST ]
FORMAT AccessList_Index = AccessList_Source_IP, AccessList_Net_Mask,
AccessList_Start_Port, AccessList_End_Port, AccessList_Protocol,
AccessList_Packet_Size, AccessList_Byte_Rate, AccessList_Byte_Burst,
AccessList_Allow_Type;
AccessList 10 = 10.0.0.0, 255.0.0.0, 0, 65535, any, 0, 40000, 50000, allow ;
AccessList 15 = 10.31.4.0, 255.255.255.0, 4000, 9000, any, 0, 0, 0, allow ;
AccessList 20 = 0.0.0.0, 0.0.0.0, 0, 65535, any, 0, 0, 0, block;
[ \ACCESSLIST ]
Explanation of the example access list:
This access list consists of three rules:
Rule #10: traffic from the subnet 10.xxx.yyy.zzz is allowed if the traffic rate does not
exceed 40 KB/s.
Rule #15: if a packet didn't match rule #10, that is, the excess traffic is over 40 KB/s, and
coming from the subnet 10.31.4.xxx to ports 4000 to 9000, then it is allowed.
Rule #20: all other traffic (which didn't match the previous rules), is blocked.
The internal firewall can also be configured using the Embedded Web Server (see
Configuring the Firewall
®
3Com VCX V7111 VoIP Gateway User Guide
Settings).
343