HP (Hewlett-Packard) 700wl Series Switch User Manual


 
Configuring Rights
To create or edit an Allowed Traffic filter, do the following:
Step 1. Type a name for this filter. You can change the name of an existing Allowed Traffic filter by typing
a new name.
Step 2. Type a description for the filter, or modify the existing description.
Step 3. To specify the filter by selecting the protocol, and providing the port and destination IP address, select the Allow traffic via a specific protocol/port/address radio button. Then do the following:
a. Select the protocol of the traffic you want to allow from the drop-down list in the Protocol field.
b. If the protocol requires a destination port, type it into the Port field. If the protocol does not support port specifications, N/A appears in the port field. You can enter a single port, or use an asterisk (*) to specify all ports.
You can access a list of ports by clicking the View icon at the right of the Port field. This displays in a separate pop-up window a list of ports for common destinations such as the Stop pages or the Logon pages.
c. If you want to specify a destination IP address, type it in the Address field. The address field can be:
- A single IP address
- A network address (IP address plus netmask)
- An asterisk (*) for any IP address
- A built-in or user-defined Address variable
An address can be preceded by a “!” or “not” followed by a space to negate the address. For example: not @INTERNAL@.
You can access the list of built-in address variables by clicking the View icon at the right of the Address field. This displays a separate window that lists the built-in address variables and lets you create user-defined address variables. See Figure 4-34.
Step 4. To use a tcpdump expression to specify a filter, select the Allow traffic via a custom filter radio
button, and type the appropriate expression into the text box. See Appendix B, “Filter Expression
Syntax” for details of the tcpdump syntax.
You can create more complex filters using a tcpdump expression. For example, to allow all traffic
except to subnets 10.0.0.0/8 and 20.0.0.0/8, you could enter the tcpdump string:
(not dst net 10.0.0.0/8) and (not dst net 20.0.0.0/8)
Note: Tcpdump syntax is case sensitive. All keywords must be in lower-case to be recognized.
Step 5. Click Save to save this filter. If you have edited an existing filter, this replaces the original filter with the modified filter definition.
To add the modified filter as a new Allowed Traffic filter, leaving the original filter unchanged, click Save As Copy. The Save As Copy button is available only on the Edit Filter page.
After a Save As Copy the same page remains displayed so you can make additional changes.
Click Cancel to return to the previous page without making any further changes.
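The tcpdump string from Step 4 can be checked against sample destinations before it is saved as an Allowed Traffic filter. The following Python code is an added example, not code from this guide or from the 700wl; it models only the dst net, not, and, or and parenthesis terms, and the function name allows and the sample destination addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Simplified model of a subset of tcpdump filter syntax ("dst net <CIDR>",
# "not", "and", "or", parentheses); an assumption, not the 700wl's evaluator.
TOKEN = re.compile(r"\(|\)|[^\s()]+")

def allows(expression, dst_ip):
    """Return True if traffic to dst_ip matches the filter expression."""
    tokens = TOKEN.findall(expression) + [None]   # None marks end of input
    dst = ipaddress.ip_address(dst_ip)
    pos = 0

    def take(expected=None):
        nonlocal pos
        tok = tokens[pos]
        if tok is None or (expected and tok != expected):
            raise ValueError(f"expected {expected or 'a term'}, got {tok!r}")
        pos += 1
        return tok

    def primary():
        tok = take()
        if tok == "not":                  # negation binds tightest
            return not primary()
        if tok == "(":
            value = expr()
            take(")")
            return value
        if tok == "dst":
            take("net")
            return dst in ipaddress.ip_network(take())
        # Keywords are case sensitive, so "NOT" or "Dst" end up here.
        raise ValueError(f"unrecognized keyword {tok!r}")

    def expr():
        value = primary()
        while tokens[pos] in ("and", "or"):   # equal precedence, left to right
            op, rhs = take(), primary()
            value = (value and rhs) if op == "and" else (value or rhs)
        return value

    result = expr()
    if tokens[pos] is not None:
        raise ValueError(f"unexpected token {tokens[pos]!r}")
    return result

# The filter string from the text, checked against constructed destinations.
FILTER = "(not dst net 10.0.0.0/8) and (not dst net 20.0.0.0/8)"
if __name__ == "__main__":
    for ip in ("10.1.2.3", "20.200.0.1", "192.168.5.9"):
        print(ip, "allowed" if allows(FILTER, ip) else "blocked")
```

Joining the two terms with or instead of and would allow every destination, because no address lies in both subnets.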
HP ProCurve Secure Access 700wl Series Management and Configuration Guide 4-65