Cyclades ACS48 Network Hardware User Manual


 
4: Configuring the Web Interface
80 AlterPath Console Server User Manual
Firewall Configuration
Firewall configuration, also known as IP filtering, refers to the selective
blocking of the passage of IP packets between global and local networks. The
filtering is based on rules that describe the characteristics of the packet (e.g.,
the contents of the IP header, the input/output interface, or the protocol).
This feature is used mainly in firewall applications to filter out packets that
could potentially compromise the network system or generate unnecessary traffic
in the network.
Structure of IP Filtering
The Firewall Configuration form is structured on two levels:
The view table of the Firewall Configuration form, which contains a list of chains.
The chains, which contain the rules that control filtering.
Chain
The filter table contains a number of built-in chains and can include any other
chains that you add (user-defined chains) through the Add Chain dialog box.
A user-defined chain is called when a packet matches a rule that points to
that chain.
The built-in chains are called according to the type of packet, and are
classified as follows:
INPUT - For packets coming into the ACS box itself.
FORWARD - For packets being routed through the ACS box.
OUTPUT - For locally-generated packets.
Rule
Each chain has a sequence of rules that address the following:
How the packet should appear in order to match the rule. Some information about the packet is checked according to the rule, for example, the IP header, the input and output interfaces, the TCP flags and the protocol.
What to do when the packet matches the rule. The packet can be accepted, blocked or logged, or the rule can jump to a user-defined chain.
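
The chain and rule structure described above, modeled as an added example (not code from the manual or from the ACS firmware). It assumes Linux iptables-style evaluation, which the manual text does not spell out: a LOG match does not end evaluation, a user-defined chain that makes no decision returns to the calling chain, and a packet that reaches the end of a built-in chain gets that chain's default policy. The names Rule, Firewall, mgmt and DROP (for "blocked"), and all addresses, are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    target: str                    # ACCEPT, DROP (block), LOG, or a user-defined chain
    src: str = "0.0.0.0/0"         # match on IP header: source network
    proto: Optional[str] = None    # match on protocol; None = any
    dport: Optional[int] = None    # match on destination port; None = any

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and self.proto in (None, pkt.get("proto"))
                and self.dport in (None, pkt.get("dport")))

@dataclass
class Firewall:
    chains: dict                   # chain name -> ordered list of Rule
    policy: dict                   # assumed default verdict per built-in chain
    local_ips: set                 # addresses owned by the box itself
    log: list = field(default_factory=list)

    def builtin_for(self, pkt: dict) -> str:   # chosen by the type of packet
        if pkt["src"] in self.local_ips:
            return "OUTPUT"                    # locally generated
        return "INPUT" if pkt["dst"] in self.local_ips else "FORWARD"

    def _walk(self, name: str, pkt: dict) -> Optional[str]:
        for rule in (r for r in self.chains[name] if r.matches(pkt)):  # in sequence
            if rule.target == "LOG":            # record, then keep evaluating
                self.log.append((name, pkt["src"], pkt.get("dport")))
            elif rule.target in ("ACCEPT", "DROP"):
                return rule.target              # first terminating match wins
            elif (verdict := self._walk(rule.target, pkt)):
                return verdict                  # user-defined chain decided
        return None                             # fell off the end of the chain

    def evaluate(self, pkt: dict) -> tuple:
        chain = self.builtin_for(pkt)
        return chain, self._walk(chain, pkt) or self.policy[chain]

# Constructed sample: box at 192.0.2.10, management subnet 10.0.0.0/24.
FW = Firewall(
    chains={"INPUT": [Rule("mgmt", proto="tcp", dport=22), Rule("LOG")],
            "FORWARD": [], "OUTPUT": [], "mgmt": [Rule("ACCEPT", src="10.0.0.0/24")]},
    policy={"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "ACCEPT"},
    local_ips={"192.0.2.10"})
```

Calling `FW.evaluate(packet)` with a dict holding `src`, `dst`, `proto` and `dport` returns the built-in chain that handled the packet and the final verdict; rule order matters, so a LOG rule placed after a terminating rule never sees the packets that rule decided.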