Firewall (Ipfilter) - Seiko SMARTCS NS-2250 Instruction Manual


2.3.7 Firewall (ipfilter)

With the Firewall (ipfilter), you can control access using filter conditions
such as IP address, protocol type and port number.
The firewall (ipfilter) is evaluated before the access control described in the
previous section, "2.3.6 Control access to servers". The table below shows the
filter types available in the Firewall (ipfilter).
Item / Description

Filter type
  Built-in filter (receive)
    The built-in filter is a filter which is configured in the system in
    advance. It accepts the following received packets.
    (1) Return packet for packet sent by NS-2250
        The following packets are also subject to this filter.
        ・SYN/ACK and ACK packet at 3-way handshake
        ・FIN, FIN+ACK and RST packet at end of session
        ・TCP connection request packet (SYN) of FTP-DATA session
          (passive) when accessing ftpd function
        ・TCP connection request packet (SYN) of FTP-DATA session
          (active) when ftp command is executed
        ・IKE packet after establishing ISAKMP-SA
        ・ESP packet after establishing IPSEC-SA
        ・ICMP error message packet
    (2) Packet sent out from loopback device of NS-2250
    Triggered by enabling the Firewall. (Default: disable)
    Deleting or modifying the built-in filter is not possible.
  Custom filter (receive)
    User configurable filter processed at the input of the interface.
    Processed after the built-in filter. Max. 64 entries can be stored.

Filter condition
  Interface
    eth1: LAN1 port
    eth2: LAN2 port
    bond1: Bonding port
  IP address
    SA: Source IP address
    DA: Destination IP address
  Protocol
    ICMP: ICMP type (0-255)
    TCP: TCP port number (1-65535)
    UDP: UDP port number (1-65535)
    ESP: ESP protocol

Processing
    accept: accept the packet
    drop: drop the packet
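
The limits in the table above and the built-in-then-custom evaluation order can be checked against a planned rule set before it is entered on the device. The following Python is an added example, not code or syntax from the Seiko manual. The Entry record, the CIDR notation for SA and DA, first-match-wins ordering among custom entries, and comparing a TCP/UDP number with the packet's destination port are assumptions; the page does not state what happens to a packet that matches no entry, so the model returns None there.

```python
import ipaddress
from dataclasses import dataclass
IFACES = {"eth1", "eth2", "bond1"}      # interfaces listed in the table
LIMITS = {"icmp": (0, 255), "tcp": (1, 65535), "udp": (1, 65535), "esp": None}
MAX_ENTRIES = 64                        # custom filter capacity

@dataclass
class Entry:                            # hypothetical record, not device syntax
    iface: str
    sa: str                             # source network, CIDR form (assumed)
    da: str                             # destination network, CIDR form (assumed)
    proto: str
    action: str
    num: "int | None" = None            # ICMP type or TCP/UDP port; none for ESP

def validate(entries):
    """Return every violation of the table's limits in the planned entries."""
    errs = []
    if len(entries) > MAX_ENTRIES:
        errs.append(f"{len(entries)} entries, maximum is {MAX_ENTRIES}")
    for i, e in enumerate(entries, 1):
        if e.iface not in IFACES:
            errs.append(f"entry {i}: unknown interface {e.iface!r}")
        if e.action not in ("accept", "drop"):
            errs.append(f"entry {i}: unknown processing {e.action!r}")
        rng = LIMITS.get(e.proto, ())   # () marks a protocol the table lacks
        if rng == ():
            errs.append(f"entry {i}: unknown protocol {e.proto!r}")
        elif (e.num is None) != (rng is None) or (rng and not rng[0] <= e.num <= rng[1]):
            errs.append(f"entry {i}: {e.proto} number {e.num} not allowed")
        for name, net in (("SA", e.sa), ("DA", e.da)):
            try:
                ipaddress.ip_network(net)
            except ValueError:
                errs.append(f"entry {i}: bad {name} {net!r}")
    return errs

def evaluate(entries, pkt):
    """Built-in filter first, then custom entries in order (first match is assumed)."""
    if pkt.get("reply") or pkt.get("loopback"):
        return "accept (built-in)"
    for i, e in enumerate(entries, 1):
        if (e.iface == pkt["iface"] and e.proto == pkt["proto"] and e.num == pkt.get("num")
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(e.sa)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(e.da)):
            return f"{e.action} (custom entry {i})"
    return None                         # no match: outcome is not stated on the page
# Constructed plan: SSH from a management subnet is accepted, all other SSH dropped.
PLAN = [Entry("eth1", "192.0.2.0/24", "0.0.0.0/0", "tcp", "accept", 22),
        Entry("eth1", "0.0.0.0/0", "0.0.0.0/0", "tcp", "drop", 22)]
```

Run validate() on the full plan first; evaluate() assumes every entry already passed it.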