Filter
Top Products
• The view table of the Firewall Configuration form containing a list of chains.
• The chains which contain the rules controlling filtering.
Chain
A chain is a named profile that includes one or more rules defining either a set of characteristics
to look for in a packet or what to do with any packet having all the defined characteristics.
The console server filter table contains a number of built-in chains, each referenced according
to the packet type they handle. As defined in the rules for the default chains, all input and
output packets and packets being forwarded are accepted.
Rule
Each chain can have one or more rules that define either the packet characteristics being filtered
or what to do when the packet matches the rule.
Each filtered packet characteristic is compared against the rules. All defined characteristics must
match. If no rules are found then the default action for that chain is applied.
Administrators can:
• Add a new chain and specify rules for that chain
• Add new rules to existing chains
• Edit a built-in chain or delete the built-in chain rules
Add rule and edit rule options
When you add or edit a rule, you can define any of the options described in the following
table.
Filter Options Description
SourceIP and Mask
DestinationIP andMask
With sourceIP,incomingpacketsarefilteredfor the specifiedIPaddress.WithdestinationIP,
outgoingpacketsarefiltered.
Ifyoufillina sourceor destination mask,allpacketsarefilteredfor IPaddressesfromthe
subnetworkinthespecifiednetmask.
NOTE: For IPv6,onlyonefieldisavailable:<IPAddress>/<Prefix>.
Protocol
Selectprotocoloptionsfor filtering fromALL, Numeric,TCP,UDP,ICMP(IPv4only) andICMPv6
(IPv6only).
Input Interface Theinputinterface(eth0) usedbythe incomingpacket.
OutputInterface Theoutputinterface (eth0) usedbythe outgoingpacket.
Table 1.3: Add Rule and Edit Rule Option Definitions
Chapter 1: Introduction 7