Lancom Systems LCOS 3.50 Server User Manual


 
LANCOM Reference Manual LCOS 3.50 ̈ Chapter 8: Firewall
148
Firewall
̈ Conditions
If no further actions are specified in a “connect” or “Internet” filter, then
implicitly a combination of these filters with the “reject” action is
assumed.
̈ Limits/Trigger
Each Firewall action can be tied together with a limit, whose excess leads
to the triggering of the action. Also, several limits for a filter thereby can
build action chains.
Limit objects are generally introduced by %L, followed by:
Reference: per connection (c) or globally (g)
Kind: Data rate (d), number of packets (p) or packet rate (b)
Value of the limit
Further parameters (e. g. period and quantity)
The following limitations are available:
Condition Description Object
ID
Connect filter The filter is active when no physical connection to the
packet destination exists.
@c
DiffServ filter The filter is active when the packet contains the indicated
Differentiated Services Code Point (DSCP) (’Evaluating
ToS and DiffServ fields’ page 183.
@d (plus
DSCP)
Internet filter The filter is active when the packet is received or will be
transmitted via default route.
@i
VPN filter The filter is active when the packet is received or will be
transmitted via VPN connection.
@v
Limit Description Object
ID
Data (abs) Absolute number of kilobytes on the connection after
which the action is executed.
%lcd
Data (rel) Number of kilobytes/second, minute, hour on the con-
nection after which the action is executed.
%lcds
%lcdm
%lcdh
Packet (abs) Absolute number of packets on the connection after
which the action is executed.
%lcp