SMC Networks SMC7401BRA Network Router User Manual


 
Configuring IP Filters
147
Store State: When this option is enabled, packets are monitored for their
state
(i.e., whether they are the initiating packet or a subsequent packet
in an ongoing communication, etc). This option provides
a degree of security by blocking/dropping packets that are not
received in the anticipated state. Such packets can signify
unwelcome attempt to gain access to a network.
Source Port:
Dest Port:
These are the port number criteria for the source computer(s)
(from which the packet originates) and destination computers.
Port numbers identify the type of traffic that the computer or
server can handle and are specified by the Internet Assigned
Numbers Authority (IANA). For example, port number 80
indicates a Web server, 21 indicates an FTP server.
You can choose a port type by name from the drop-down lists
or,
if not available in the list, specify the IANA port number in the text
boxes. Select any other port if the criteria will not be used.
These fields will be dimmed (unavailable for entry) unless you
have selected [TCP] or [UDP] as the protocol.
See the description of [Src IP Address] for the statement options
([any], [eq], [gt], etc.)
TCP Flag: This field specifies whether the rule should apply only to TCP
packets that contain the synchronous (SYN) flag, only to those
that contain the non-synchronous (NOT-SYN) flag, or to all TCP
packets. This field will be dimmed (unavailable for entry) unless
you
selected [TCP] as the protocol.
ICMP Type: This field specifies whether the value in the type field in ICMP
packet headers will be used as criteria. The code value can be
any decimal value from [0-255]. You can specify that the value
must equal ([eq]) or not equal ([neq]) the specified value,
or you can select [any] to enable the rule to be invoked on
all ICMP packets. This field will be dimmed (unavailable for entry)
unless you specify [ICMP] as the protocol.
ICMP Code: This field specifies whether the value in the code field in ICMP
packet headers will be used as criteria. The code value can be
any decimal value from [0-255]. You can specify that the value
must equal ([eq]) or not equal ([neq]) the specified value,
or you can select [any] to enable the rule to be invoked on
all ICMP packets. This field will be dimmed (unavailable for entry)
unless you specify ICMP as the protocol.