HP (Hewlett-Packard) 700wl Series Switch User Manual


 
Configuring Rights
Modifying the Outside World Filter to Restrict Access
If the Outside World Allowed Traffic filter is not sufficiently restrictive for your network environment,
you can modify it (or create a new filter) to restrict access to multiple subnets or IP addresses.
Step 1. From the Allowed Traffic tab, click the Outside World filter.
The Edit Filter page for Allowed Traffic appears, with the Outside World filter displayed.
Step 2. To rename this filter, type a new name in the Name field. To modify the Outside World filter, leave
the name unchanged.
Step 3. By default, the Outside World filter allows IP traffic on any port to any destination except the IP
address range defined by the @INTRANET@ variable. You can view the definition of the @INTRANET@ variable
by clicking the View button next to the Addresses field.
Step 4. If you want to specify a single destination IP address or address range, type it in the Address
field. You can also create an address variable and use it here. The address can be preceded by a
"!" or "not" to negate the address.
Step 5. To specify a more complicated address filter, you can enter a tcpdump expression. Select the Allow
traffic via a custom filter radio button, and type the appropriate expression into the text box.
For example, as shown in Figure 4-42, to allow all traffic except to subnets 10.0.0.0/8 and
20.0.0.0/8, you could enter the tcpdump string:
(not dst net 10.0.0.0/8) and (not dst net 20.0.0.0/8)
Figure 4-42. Changing the Outside World Allowed Traffic filter
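To check an expression like the one in Step 5 before entering it, the following added example (not part of the HP guide, and not the 700wl's own filter engine) evaluates a small subset of tcpdump syntax (`not`, `and`, `or`, parentheses and `dst net`) against constructed destination addresses. The names `allows`, `check`, `OR_MISTAKE` and `SAMPLES` are assumptions made here; the second expression shows that writing `or` where the guide uses `and` allows every destination.

```python
import ipaddress
import re
def allows(expr, dst):
    """Return True if the filter expression matches (allows) destination dst."""
    tokens = re.findall(r"[()]|[^\s()]+", expr)
    addr = ipaddress.ip_address(dst)
    pos = 0

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of expression")
        pos += 1
        return tokens[pos - 1]

    def primary():
        tok = take()
        if tok == "not":  # negation binds tightest
            return not primary()
        if tok == "(":
            value = expression()
            if take() != ")":
                raise ValueError("missing ')'")
            return value
        if tok == "dst" and take() == "net":
            return addr in ipaddress.ip_network(take())  # rejects host bits set
        raise ValueError(f"unsupported primitive near {tok!r}")

    def expression():
        value = primary()  # 'and'/'or' share one precedence level, left to right
        while pos < len(tokens) and tokens[pos] in ("and", "or"):
            op, rhs = take(), primary()
            value = (value and rhs) if op == "and" else (value or rhs)
        return value

    result = expression()
    if pos != len(tokens):
        raise ValueError(f"unexpected token {tokens[pos]!r}")
    return result

PAGE_FILTER = "(not dst net 10.0.0.0/8) and (not dst net 20.0.0.0/8)"  # from the page
OR_MISTAKE = "(not dst net 10.0.0.0/8) or (not dst net 20.0.0.0/8)"  # constructed
SAMPLES = ["10.1.2.3", "20.200.0.9", "192.0.2.10"]  # constructed destinations

def check(expr):
    return {dst: allows(expr, dst) for dst in SAMPLES}

if __name__ == "__main__":
    print(check(PAGE_FILTER), check(OR_MISTAKE), sep="\n")
```

Because the two subnets do not overlap, every address lies outside at least one of them, so the `or` form never blocks anything.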
4-82 HP ProCurve Secure Access 700wl Series Management and Configuration Guide