BinTec RS120 Reference Manual page 254

11 Networking
• source and/or destination IP address
• packet protocol
• source and/or destination port (port ranges are supported)
Access lists are an effective tool when, for example, sites with LANs interconnected over a
bintec elmeg gateway wish to deny all incoming FTP requests or allow Telnet sessions only
between certain hosts.
Access filters in the gateway combine a filter with an action to form a filter rule
(= rule), and link these rules to form rule chains. They act on the incoming
data packets to allow or deny access to the gateway for certain data.
A filter describes a certain part of the IP data traffic based on the source and/or destination
IP address, netmask, protocol and source and/or destination port.
You use the rules that you set up in the access lists to tell the gateway what to do with the
filtered data packets, i.e. whether it should allow or deny them. You can also define several
rules, which you arrange in the form of a chain to obtain a certain sequence.
There are various approaches for the definition of rules and rule chains:
Allow all packets that are not explicitly denied, i.e.:
• Deny all packets that match Filter 1.
• Deny all packets that match Filter 2.
• ...
• Allow the rest.
or
Allow all packets that are explicitly allowed, i.e.:
• Allow all packets that match Filter 1.
• Allow all packets that match Filter 2.
• ...
• Deny the rest.
or
Combination of the two possibilities described above.
A number of separate rule chains can be created. The same filter can also be used in
different rule chains.
You can also assign a rule chain individually to each interface.
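The following Python sketch is an added example, not code from the manual or the gateway firmware. It models the filters, rules and per-interface rule chains described above and shows why the order of rules in a chain matters. It assumes that the first matching rule decides and that a packet matched by no rule is denied; the interface names, addresses and helper names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Filter:
    """Describes part of the IP traffic; None or 0.0.0.0/0 means 'any'."""
    src: str = "0.0.0.0/0"            # source address/netmask
    dst: str = "0.0.0.0/0"            # destination address/netmask
    proto: Optional[str] = None       # "tcp", "udp", ...
    sports: Optional[range] = None    # source port range
    dports: Optional[range] = None    # destination port range

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in (None, pkt["proto"])
                and (self.sports is None or pkt.get("sport") in self.sports)
                and (self.dports is None or pkt.get("dport") in self.dports))

def evaluate(chain, pkt):
    """Walk the rules in order; the first rule whose filter matches decides."""
    for action, flt in chain:
        if flt.matches(pkt):
            return action
    return "deny"  # assumption of this example: unmatched packets are denied

ANY = Filter()  # "the rest"
FTP = Filter(proto="tcp", dports=range(21, 22))
TELNET_PAIR = Filter(src="192.0.2.10/32", dst="198.51.100.5/32",
                     proto="tcp", dports=range(23, 24))

DENY_LISTED = [("deny", FTP), ("allow", ANY)]            # allow unless denied
ALLOW_LISTED = [("allow", TELNET_PAIR), ("deny", ANY)]   # deny unless allowed
SHADOWED = [("allow", ANY), ("deny", FTP)]               # wrong order: FTP rule never reached

# One chain per interface; the same filter may appear in several chains.
CHAINS = {"lan": DENY_LISTED, "wan": ALLOW_LISTED}       # hypothetical interface names

def decide(interface, pkt):
    return evaluate(CHAINS[interface], pkt)

def packet(src, dst, dport, proto="tcp", sport=40000):
    """Build a constructed sample packet for the checks."""
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport}
```

Evaluating `SHADOWED` against an FTP packet returns `allow`, because the catch-all rule sits ahead of the deny rule; when reviewing a chain, check that no broad filter precedes a more specific one.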
bintec elmeg GmbH
bintec RS Series
