Lucent Technologies SLC ConnectReach User & Service Manual page 480

Custom Firewall Configurations
Configuring IP Filter Groups
Configuring IP Filter Group (Continued)
Configuration procedure (continued)
C-4
Issue 4
June 2002
Remarks
One distinguishing feature of the IP Filter implementation is the special
"default" keyword. It stands for the normal protocols that a typical server
would support, that is, those protocols that should be permitted: Telnet, FTP,
SMTP, DNS, HTTP, PING, POP2, POP3. The default keyword is very useful in
cases where access is allowed for just one server on the local area network (LAN)
[for all the traffic coming from the wide area network (WAN) side].
Enter a question mark to view the settings.
>(Config:IPFirewall:InFilterGroup) ?
The order of the filter statements is important!
Once the filter matches, the action (permit/deny) is
immediately performed.
The source (src) and destination (dst) parameters are
specified with an IP address and netmask or one of
the following words: eth0, eth1, pvcn (where n is any
number from one to thirty), ppp0, hdlc0.
Filter 1 has the highest priority and so on.
The defaultAction specifies what to do with the
packet in the default case. defaultAction permitAll is
the only factory default statement.
"All" means all packets.
"Keyword" can be one of the following words:
Telnet, FTP, SMTP, HTTP, PING, RIP, ICMP, TFTP,
bootp, gopher, DNS, SNMP, NTP, OSPF, NFS,
FTP-data, RSVP, NHRP, POP2, POP3
"Default" means all of the following protocols: Telnet,
FTP, SMTP, DNS, HTTP, PING, POP2, POP3
The parameters tcpport, udpport, and iptype are each
followed by a setting for the cmp. Cmp can be one of
the following: >, <, =, !=
Est means to apply this access list to already
established TCP connections.
All [ ] parameters above are optional. The only
required parameters are Action and Protocol.
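The ordering and defaultAction rules in the help text above can be checked offline before a filter group is entered. The following Python model is an added example, not ConnectReach code or CLI syntax: the tuple layout, the function names, the keyword-to-port mapping (well-known ports) and the addresses are assumptions, and the cmp and Est parameters are not modelled.

```python
import ipaddress

# Assumption: well-known ports stand in for the manual's protocol keywords.
KEYWORDS = {
    "Telnet": ("tcp", 23), "FTP": ("tcp", 21), "SMTP": ("tcp", 25),
    "DNS": ("udp", 53), "HTTP": ("tcp", 80), "PING": ("icmp", None),
    "POP2": ("tcp", 109), "POP3": ("tcp", 110), "TFTP": ("udp", 69),
}
# Expansion of "Default", as listed in the help text above.
DEFAULT = ["Telnet", "FTP", "SMTP", "DNS", "HTTP", "PING", "POP2", "POP3"]
SERVER, ANY = "192.0.2.10/32", "0.0.0.0/0"  # constructed addresses

def proto_matches(rule_proto, pkt):
    """True if "All", "Default" or a single keyword covers the packet."""
    if rule_proto == "All":
        return True
    names = DEFAULT if rule_proto == "Default" else [rule_proto]
    return any(KEYWORDS[n] == (pkt["proto"], pkt["port"]) for n in names)

def evaluate(filters, pkt, default_action="permit"):
    """First match wins; returns (action, filter number), 0 = defaultAction."""
    for i, (action, proto, src, dst) in enumerate(filters, start=1):
        if (proto_matches(proto, pkt)
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst)):
            return action, i
    return default_action, 0  # factory default is permitAll

def shadowed(filters, probes):
    """Filter numbers that no probe packet ever reaches."""
    hit = {evaluate(filters, p)[1] for p in probes}
    return [i for i in range(1, len(filters) + 1) if i not in hit]

# Intended policy: WAN may reach one LAN server on the Default protocols only.
GOOD = [("permit", "Default", ANY, SERVER), ("deny", "All", ANY, ANY)]
BAD = [("deny", "All", ANY, ANY), ("permit", "Default", ANY, SERVER)]  # misordered
PROBES = [  # constructed WAN-side packets
    {"proto": "tcp", "port": 80, "src": "198.51.100.7", "dst": "192.0.2.10"},
    {"proto": "udp", "port": 69, "src": "198.51.100.7", "dst": "192.0.2.10"},
    {"proto": "tcp", "port": 23, "src": "198.51.100.7", "dst": "192.0.2.20"},
]

if __name__ == "__main__":
    for name, fl in (("GOOD", GOOD), ("BAD", BAD), ("NO DENY", GOOD[:1])):
        print(name, [evaluate(fl, p) for p in PROBES], shadowed(fl, PROBES))
```

With the permit filter alone, the TFTP probe falls through to the permitAll default and is passed; in the misordered group, filter 2 is never reached.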
363-208-050
(Continued on next page)