Table of Contents
Advertisement
828
Configuring IP Firewall Filters for an interface
Configuring the order of the Output Filters for an interface
After you enter all of the Output filters, you need to set the order in which the filters are used.
The order of the Output Filter Rules is very important. The more specific rules, such as rules for
specific port numbers and addresses, should be placed first. TCP and UDP rules are typically more
specific and should be first. Rules for just the IP protocol should be placed last, because they
typically ignore port numbers and only match on IP addresses.
The following two examples show how the order of the rules affects what traffic can pass through
the IP Firewall.
Example 1: Rule 1 is configured to Pass TCP protocol 25 from any IP address to 10.10.10.20.
Rule 2 is configured to Block any TCP protocol from any IP address to any IP address. If Rule 2 is
placed before Rule 1, then Rule 1 will never be reached because all TCP protocol 25 packets
destined for IP address 10.10.10.20 will be blocked by Rule 2 first.
Example 2: Rule 1 is configured to Pass TCP protocol 6800 from IP address 192.168.10.20 to IP
address 10.10.10.20. Rule 2 is configured to Block all IP protocols from any IP address to any IP
address. If Rule 2 is placed before Rule 1, all TCP packets will match Rule 2 first and will be
blocked.
To configure the order of the output filters:
1
Click the Output Filter Rules' Order tab.
The Output Filter Rules' Configuration screen appears.
2
Type in the Output Filters' Rule Order for the interface you are configuring.
3
Press the Tab key to save your settings.
N0008589 3.3
Advertisement
Table of Contents
