Raritan Computer EMX2-111 Network Card User Manual


 
Chapter 6: Security
   a. Click the IPv4 tab if necessary.
   b. Ensure the Enable IPv4 Access Control checkbox is selected.
   c. The default policy is shown in the Default Policy field. To change it, select a different policy from the drop-down list.
      - Accept: Accepts traffic from all IPv4 addresses.
      - Drop: Discards traffic from all IPv4 addresses, without sending any failure notification to the source host.
      - Reject: Discards traffic from all IPv4 addresses, and an ICMP message is sent to the source host for failure notification.
3. To determine the default policy for IPv6 addresses:
   a. Click the IPv6 tab.
   b. Ensure the Enable IPv6 Access Control checkbox is selected.
   c. The default policy is shown in the Default Policy field. To change it, select a different policy from the drop-down list.
      - Accept: Accepts traffic from all IPv6 addresses.
      - Drop: Discards traffic from all IPv6 addresses, without sending any failure notification to the source host.
      - Reject: Discards traffic from all IPv6 addresses, and an ICMP message is sent to the source host for failure notification.
4. Click OK to save the changes. The new default policy is applied.

Creating Firewall Rules
Firewall rules determine whether to accept or discard traffic intended for
the EMX, based on the IP address of the host sending the traffic. When
creating firewall rules, keep these principles in mind:
- Rule order is important.
  When traffic reaches the EMX device, the rules are executed in numerical order. Only the first rule that matches the IP address determines whether the traffic is accepted or discarded. Any subsequent rules matching the IP address are ignored by the EMX.
- Subnet mask may be required.
  When typing the IP address, you may or may not need to specify BOTH the address and a subnet mask. The default subnet mask is /32 (that is, 255.255.255.255). You must specify a subnet mask only when it is not the same as the default. For example, to specify a single address in a Class C network, use this format:
      x.x.x.x/24
  where /24 = a subnet mask of 255.255.255.0.
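
The following Python sketch is an added example, not code from Raritan or the EMX firmware. It models the first-match rule order and the default /32 mask described above for IPv4, so a planned rule list can be checked for rules that will never be reached. The rule list, function names and the handling of host bits in a masked address are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rules (not from the manual): (rule number, source, policy).
RULES = [
    (1, "192.168.10.25", "Accept"),    # no mask typed: default /32, one host
    (2, "192.168.10.0/24", "Drop"),
    (3, "192.168.10.77", "Accept"),    # never reached: rule 2 matches first
    (4, "10.1.2.3/24", "Accept"),      # x.x.x.x/24 form, mask 255.255.255.0
]

def parse_source(text):
    """Parse a rule source; a bare address gets the default /32 mask."""
    # strict=False accepts host bits with a mask (assumed to mean the whole subnet).
    return ipaddress.IPv4Network(text, strict=False)

def evaluate(rules, default_policy, src):
    """Return (matching rule number or None, policy) for one source address."""
    addr = ipaddress.IPv4Address(src)
    for number, source, policy in sorted(rules, key=lambda r: r[0]):
        if addr in parse_source(source):
            return number, policy          # first match decides, later rules ignored
    return None, default_policy            # no rule matched: default policy applies

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where an earlier rule covers the whole range.

    Only single-rule coverage is checked, not coverage by several rules combined.
    """
    ordered = sorted(rules, key=lambda r: r[0])
    pairs = []
    for i, (number, source, _) in enumerate(ordered):
        net = parse_source(source)
        for prev_number, prev_source, _ in ordered[:i]:
            if net.subnet_of(parse_source(prev_source)):
                pairs.append((number, prev_number))
                break
    return pairs

if __name__ == "__main__":
    for src in ("192.168.10.25", "192.168.10.77", "10.1.2.200", "172.16.0.9"):
        print(src, evaluate(RULES, "Drop", src))
    print("shadowed:", shadowed(RULES))
```

In the sample list, the Accept rule for 192.168.10.77 has no effect because the /24 Drop rule is numbered before it. Moving the host rule above the subnet rule restores the intended exception.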