Table of Contents
Advertisement
17 Security Services - Firewalling
17.4 Firewall Criteria
AST570 Firewall
criteria
Interface related
criteria
IP related criteria
TCP related criteria
222 / 300
At every hook (PIP) a separate access list, called chain, containing
an ordered list of rules will operate on each processed packet,
resulting in a specific treatment of this packet (See topic 'AST570
Firewall Actions').
A rule is able to operate on the following packet criteria:
Interface related
"
IP related
"
TCP related
"
UDP related
"
ICMP related.
"
Source interface
"
Source interface group
"
Destination interface
"
Destination interface group.
"
Source IP address
"
Source IP netmask
"
Destination IP address
"
Destination IP netmask
"
Type of service
"
Protocol (TCP , UDP or ICMP).
"
Source Port number
"
Source Port number range
"
Destination Port number
"
Destination Port number range
"
Synchronization flag
"
Urgent flag.
"
3EC 17766 AAAA TCZZA Ed. 04
Advertisement
Table of Contents
