3Com OfficeConnect Remote 812 Network Router User Manual


 
6-50 CHAPTER 6: MANUAL SETUP
the first match that occurs. If there is no match, by default the packet is accepted.
For this reason, you should order your protocol rules so that the rules you expect
to be most frequently matched are at the beginning of the section. This reduces
the amount of parsing time that occurs during filtering.
Table 6-5 (Protocol Rules) describes each field used in the rule syntax.
The OR operation can be implemented by successive rules.
For example, to accept a packet if the source address is xxx, or the destination
address is yyy, the following rules are used (this will only accept packets from the
specified address(es); all other packets will be rejected):
IP:
1 ACCEPT src-addr=xxx;
2 ACCEPT dst-addr=yyy;
999 DENY;
The following table describes the keywords for each protocol section and their
legal operators used in the rule syntax.
Value ranges are also given where ddd is a decimal between 1 and 255, mask is a
decimal between 1 and 32, and xx is a hex number:
Table 6-5 Protocol Rules

Field      Description
line #     Each rule must have a unique line number from 1-10 plus 999 for the
           DENY verb. You must arrange rules in increasing order.
Verb       This field can be one of the following:
           ACCEPT - Allow the packet access if the condition is met (use with
           DENY verb to indicate reject all other packets).
           REJECT - Do not allow the packet access if the condition is met.
           AND - Logically use the AND condition with condition of the next
           rule to determine if the packet is accepted or rejected. Both
           defined conditions must be met.
Keyword    The keywords for all protocol, descriptions, corresponding operators
           and values.
Operator   Describes the relationship between the keyword and its value. The
           operator field must be one of the following:
           =    Equal
           !=   Not equal
           >    Greater than
           <    Less than
           >=   Greater or Equal
           <=   Less or Equal
           =>   Generic
value      Contains an entity that is appropriate for the keyword.
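
The first-match behaviour, the accept-by-default fallthrough and the AND verb described above, modelled as an added Python example (not code from the manual or the router firmware). It assumes that a bare 999 DENY matches every packet and that an AND rule defers its verdict to the next rule; the addresses are constructed, and only the = and != operators are handled.

```python
import re

# One rule: "<line#> <VERB> [keyword<op>value];"  Only = and != are handled here.
RULE_RE = re.compile(r"^(\d+)\s+(ACCEPT|REJECT|DENY|AND)(?:\s+([\w-]+)\s*(!=|=)\s*(\S+?))?\s*;$")

def parse(section):
    """Parse a protocol section into (line_no, verb, condition) tuples."""
    rules = []
    for raw in section.strip().splitlines():
        line = raw.strip()
        if line.endswith(":"):            # protocol section header such as "IP:"
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        no, verb, kw, op, val = m.groups()
        no = int(no)
        if not (1 <= no <= 10 or (no == 999 and verb == "DENY")):
            raise ValueError(f"line number {no} not allowed for {verb}")
        if rules and no <= rules[-1][0]:
            raise ValueError("rules must be in increasing line-number order")
        rules.append((no, verb, (kw, op, val) if kw else None))
    return rules

def holds(cond, pkt):
    if cond is None:                      # assumption: a bare "999 DENY;" matches every packet
        return True
    kw, op, val = cond
    return (pkt.get(kw) == val) == (op == "=")

def evaluate(rules, pkt):
    """First match decides; a packet that matches no rule is accepted."""
    chain = True                          # result carried forward by AND rules
    for _no, verb, cond in rules:
        hit = chain and holds(cond, pkt)
        if verb == "AND":                 # assumption: AND defers the verdict to the next rule
            chain = hit
            continue
        chain = True
        if hit:
            return "ACCEPT" if verb == "ACCEPT" else "REJECT"
    return "ACCEPT"                       # default when nothing matched

# Constructed sample rules and packets (documentation addresses, not from the manual).
OR_RULES = parse("IP:\n1 ACCEPT src-addr=192.0.2.10;\n2 ACCEPT dst-addr=198.51.100.5;\n999 DENY;")
NO_DENY = parse("IP:\n1 ACCEPT src-addr=192.0.2.10;")
AND_RULES = parse("IP:\n1 AND src-addr=192.0.2.10;\n2 ACCEPT dst-addr=198.51.100.5;\n999 DENY;")
STRANGER = {"src-addr": "203.0.113.7", "dst-addr": "203.0.113.8"}

if __name__ == "__main__":
    print(evaluate(OR_RULES, STRANGER), evaluate(NO_DENY, STRANGER))
```

Without the closing 999 DENY line, the same section accepts the unmatched packet, which is why a section meant as an allow-list needs that final rule.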