target prot opt source
MMLAN all -- 0.0.0.0/0 0.0.0.0/0
Chain MMLAN (2 references)
target prot opt source
ACCEPT udp -- 192.168.0.0/24 192.168.0.1 udp dpts:7000:7100
ACCEPT udp -- 192.168.0.1 192.168.0.0/24 udp
spts:7000:7100
ACCEPT udp -- 192.168.0.0/24 192.168.0.1 udp dpt:162
ACCEPT udp -- 192.168.0.1 192.168.0.0/24 udp spt:162
ACCEPT udp -- 192.168.1.5 192.168.0.1 udp dpts:7000:7100
ACCEPT udp -- 192.168.0.1 192.168.1.5 udp spts:7000:7100
ACCEPT udp -- 192.168.1.5 192.168.0.1 udp dpt:162
ACCEPT udp -- 192.168.0.1 192.168.1.5 udp spt:162
Note
After changing the
settings once, and set their values again. For details on how to delete the
settings, see (7) Configuration deletion procedure in
Command for the Management LAN Interface (setmlanfw.sh)
Add the "MMLAN" setting chain to INPUT and OUTPUT chains. At this time,
take care to prevent interruptions by an existing REJECT setting in an INPUT
or OUTPUT chain or by a user definition chain.
Example: REJECT setting in INPUT and FORWARD
# iptables –L
Chain INPUT (policy ACCEPT)
target prot opt source
ACCEPT
all -- 0.0.0.0/0
RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0
REJECT
all -- 0.0.0.0/0
prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source
REJECT all -- 0.0.0.0/0
destination
destination
IP
management LAN interface, delete the
address of the
destination
0.0.0.0/0 state
0.0.0.0/0
0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
0.0.0.0/0 reject-with icmp-host-
destination
0.0.0.0/0 reject-with icmp-host-
SVmco User Guidel
3.7 Firewall Setting
.
20