Creation Of A Packet Filter Rule For Inbound UDP Traffic; Creation Of A Packet Filter Rule For Inbound TCP Traffic - GE MDS ORBIT MCR Technical Manual

Multiservice/edge connect routers

Ensure that Actions is set to Accept. Again, Log Level can be set to Debug unless there is a need to view
incoming UDP connections.
Note that the UDP rule appears below the ESP rule in the rule list. This indicates that the ESP rule will be
applied first, and then the UDP rule. This is not a problem since the two rules are not in conflict.
Figure 3-128. Creation of a packet filter rule for inbound UDP traffic
The next rule in this example will be used for the TCP services SSH and NETCONF. Click Add new
rule and select Protocol TCP. Since SSH and NETCONF traffic is used to manage the MCR, the traffic
terminates at the MCR. This means that the incoming traffic will have these well-known service ports as
its destination port. Set Destination Port to Services, and enter netconf, Ssh in the textbox next to
Services. Again, ensure that Actions is set to Accept, and Log Level can be set to Debug.
Figure 3-129. Creation of a packet filter rule for inbound TCP traffic
The last step in the creation of a restrictive filter is a default rule to deny all traffic that does not match
any of the previous rules. To do this, click Add new rule, select Protocol All, and set Actions to Drop.
The Log Level is once again set to Debug. This rule must be the last one in the rule list. Any rules added
after this last rule will have no effect, because this rule matches "any" traffic and drops it before they are evaluated.
Figure 3-130. Creation of a default restrictive packet filter rule for inbound traffic
Once all changes are finished, click Back to return to the list of packet filters and create another.
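
The first-match ordering described above can be modelled to check a rule list before it is entered on the device. This is an added example, not code from the manual or the Orbit firmware; the rule names, UDP port 500 and the `late-https` rule are constructed for illustration, while 22 and 830 are the standard SSH and NETCONF-over-SSH ports.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str                            # hypothetical label, not a device field
    protocol: str                        # "esp", "udp", "tcp" or "all"
    dst_ports: Optional[FrozenSet[int]]  # None means any destination port
    action: str                          # "accept" or "drop"

    def matches(self, protocol: str, dst_port: Optional[int]) -> bool:
        if self.protocol not in ("all", protocol):
            return False
        return self.dst_ports is None or dst_port in self.dst_ports

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self."""
        if self.protocol not in ("all", other.protocol):
            return False
        if self.dst_ports is None:
            return True
        return other.dst_ports is not None and other.dst_ports <= self.dst_ports


def evaluate(rules: List[Rule], protocol: str,
             dst_port: Optional[int] = None) -> Tuple[str, Optional[str]]:
    """Walk the list top to bottom; the first matching rule decides."""
    for rule in rules:
        if rule.matches(protocol, dst_port):
            return rule.action, rule.name
    return "no-match", None  # behaviour without a default rule is not modelled


def shadowed(rules: List[Rule]) -> List[str]:
    """Names of rules that can never fire because an earlier rule covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]


# Constructed rule list mirroring the inbound filter built in this section.
INBOUND = [
    Rule("esp", "esp", None, "accept"),
    Rule("udp", "udp", frozenset({500}), "accept"),       # port is an assumption
    Rule("mgmt", "tcp", frozenset({22, 830}), "accept"),  # SSH, NETCONF over SSH
    Rule("default-drop", "all", None, "drop"),
]
# The mistake the text warns about: a rule appended after the default drop.
MISORDERED = INBOUND + [Rule("late-https", "tcp", frozenset({443}), "accept")]
```

`shadowed(INBOUND)` is empty, matching the note that the ESP and UDP rules do not conflict, while `shadowed(MISORDERED)` flags the rule placed after the default drop.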
MDS 05-6632A01, Rev. F
MDS Orbit MCR/ECR Technical Manual