Chapter 4
• Subnet mask: Whether a rule applies to a single IP address or a
range of addresses is determined by the value in the subnet mask
field. For a single IP address, choose the value 32, which is a 32-bit
subnet mask. For a range of IP addresses, choose a smaller subnet
mask.
The "decimal value" of the subnet mask (for example, 32-bit)
corresponds to an equivalent subnet mask as a "Dotted Quad"
address, as shown in the table below. The table also displays
examples of the IP address ranges that would be filtered by a rule
with the corresponding subnet mask.
Decimal    Dotted Quad        Example IP Address Ranges Filtered
32-bit     255.255.255.255    Filters only 192.168.27.2
24-bit     255.255.255.0      Filters from 192.168.27.0 to 192.168.27.255
16-bit     255.255.0.0        Filters from 192.168.0.0 to 192.168.255.255
8-bit      255.0.0.0          Filters from 192.0.0.0 to 192.255.255.255

• Port: The Port field determines the port or the range of ports that
the Policy applies to. A port is used for specifying where a logical
connection can be made between the client and server software
programs. For example, port 80 is the HTTP port and port 23 is the
telnet port.
• Protocol: The Protocol field specifies whether the rule filters
communication using TCP, UDP, ICMP or all three protocols. A
protocol is a standardized form of communication between network
devices.
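
The following is an added example, not taken from the product or its documentation: it shows how a rule built from the subnet mask, port and protocol fields described above selects traffic, and reproduces the dotted quad values and address ranges from the table. The Rule class, the "ALL" protocol value, the function names and the choice to ignore ports for ICMP are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                 # hypothetical model of one filter rule
    address: str            # IP address entered in the rule
    mask_bits: int          # subnet mask as a decimal value (32, 24, 16, 8)
    port_low: int           # first port the rule applies to
    port_high: int          # last port (equal to port_low for a single port)
    protocol: str           # "TCP", "UDP", "ICMP" or "ALL" (assumed spelling)

    def network(self):
        # strict=False clears the host bits, so 192.168.27.2 with a 24-bit
        # mask covers the whole 192.168.27.0 to 192.168.27.255 range.
        return ipaddress.ip_network(f"{self.address}/{self.mask_bits}", strict=False)

def dotted_quad(mask_bits):
    """Convert a decimal subnet mask (prefix length) to dotted quad form."""
    return str(ipaddress.ip_network(f"0.0.0.0/{mask_bits}").netmask)

def filtered_range(rule):
    """Return the first and last IP address the rule filters."""
    net = rule.network()
    return str(net.network_address), str(net.broadcast_address)

def matches(rule, ip, port, protocol):
    """True if a connection falls inside the rule's address range, protocol and ports."""
    protocol = protocol.upper()
    if ipaddress.ip_address(ip) not in rule.network():
        return False
    if rule.protocol not in ("ALL", protocol):
        return False
    if protocol == "ICMP":  # ICMP carries no port numbers (assumed: port field ignored)
        return True
    return rule.port_low <= port <= rule.port_high

if __name__ == "__main__":
    # Constructed sample rules using the address from the table above.
    for bits in (32, 24, 16, 8):
        rule = Rule("192.168.27.2", bits, 80, 80, "TCP")
        print(f"{bits}-bit = {dotted_quad(bits)}: filters {filtered_range(rule)}")
    web = Rule("192.168.27.2", 24, 80, 80, "TCP")
    # Constructed sample connections: (ip, port, protocol)
    for conn in [("192.168.27.200", 80, "TCP"), ("192.168.28.1", 80, "TCP"),
                 ("192.168.27.200", 23, "TCP"), ("192.168.27.200", 80, "UDP")]:
        print(conn, "matches" if matches(web, *conn) else "does not match")
```

A mask wider than intended is the usual mistake with these fields: the same address with a 16-bit mask instead of a 24-bit mask applies the rule to 65,536 addresses rather than 256.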