HP 7102dl - ProCurve Secure Router Configuration Manual page 205

ProCurve Secure Router OS Firewall—Protecting the Internal, Trusted Network
Packet 1
Permitted
source IP
Internet
Packet 2
source IP
Figure 4-1. Packet-Filtering Firewall
ACLs specify certain settings for packets' full association information. For
example, the ACL can permit packets from a range of IP addresses destined
to a specific IP address on a specific port.
You then configure ACPs that either allow or discard packets selected by the
ACL. For example, you can create ACPs that will drop packets from specific
untrusted servers that are identified by their IP addresses. You can also create
ACPs that permit particular types of connections (such as FTP connections,
identified by destination port) only if they are using the appropriate trusted
servers (such as the FTP server, identified by source address).
The Secure Router OS firewall's packet-filtering capabilities are among its
most important and most flexible functions. Clearly, the specific traffic that
the router should allow and block depends on your organization's addressing
scheme and security policies. You can configure the router's firewall to behave
in a wide variety of ways, including:
allowing all traffic between two remote trusted sites
blocking all inbound traffic except that to a Web server
allowing all outbound traffic and blocking all inbound traffic
For information on how to configure packet filtering, see Chapter 5: Applying
Access Control to Router Interfaces.
Router
Denied
Packet 2
Packet 1
Private network
Overview
4-5