554 CHAPTER 39: CONFIGURING FIREWALL

The “depth-first” principle means matching against the access rule with the smallest definition range of data packets first. This is achieved by comparing the wildcards of the addresses: the smaller the wildcard, the smaller the range of hosts it specifies. For example, 129.102.1.1 0.0.0.0 specifies a single host (the address 129.102.1.1), while 129.102.1.1 0.0.255.255 specifies a network segment (the address range from 129.102.1.1 to 129.102.255.255), so the former is placed ahead of the latter in the access control rule order.

The specific rules are as follows:

For standard access control rules, compare the wildcards of the source addresses directly; if the wildcards are the same, arrange the rules according to the configuration sequence.

For access control rules based on interface filtering, the rules configured with “any” are arranged last, and the rest are arranged according to the configuration sequence.

For extended access control rules, compare the wildcards of the source addresses first. If they are the same, compare the wildcards of the destination addresses. If these are still the same, compare the ranges of port numbers, and the rule with the smaller range is arranged first. If the port ranges are also the same, arrange the rules according to the user's configuration sequence.

The display acl acl-number command can be used to view the execution sequence of the system access rules; the rules listed first are selected first.
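The depth-first ordering described above, as an added Python simulation that is not the device's own code: it sorts a constructed rule set by source wildcard, then destination wildcard, then port-range width, then configuration sequence, and returns the first rule a packet would hit. The AclRule model, the function names and the sample rules are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class AclRule:
    """A user-configured access rule (hypothetical model, not the device's own structure)."""
    seq: int                  # configuration order: 1 = configured first
    src: str                  # "address wildcard", e.g. "129.102.1.1 0.0.255.255"
    dst: Optional[str] = None # destination address/wildcard, extended rules only
    ports: Tuple[int, int] = (0, 65535)  # inclusive port range, extended rules only
    action: str = "permit"

def wildcard_value(addr_wildcard: str) -> int:
    """Wildcard mask as an integer; a smaller wildcard specifies a narrower range."""
    return int(ipaddress.IPv4Address(addr_wildcard.split()[1]))

def depth_first_key(rule: AclRule):
    """Ordering from the text: source wildcard, then destination wildcard,
    then port-range width, then the user's configuration sequence."""
    dst = wildcard_value(rule.dst) if rule.dst else 0
    return (wildcard_value(rule.src), dst, rule.ports[1] - rule.ports[0], rule.seq)

def depth_first_order(rules: List[AclRule]) -> List[AclRule]:
    """Rules in the sequence the firewall tries them (narrowest definition first)."""
    return sorted(rules, key=depth_first_key)

def address_matches(addr_wildcard: str, ip: str) -> bool:
    """True when ip agrees with the rule address on every bit the wildcard leaves unmasked."""
    addr, wildcard = addr_wildcard.split()
    a, w, i = (int(ipaddress.IPv4Address(x)) for x in (addr, wildcard, ip))
    return (a & ~w) == (i & ~w)

def first_match(rules, src_ip, dst_ip=None, port=None) -> Optional[AclRule]:
    """Walk the depth-first order and return the first rule the packet hits."""
    for rule in depth_first_order(rules):
        if not address_matches(rule.src, src_ip):
            continue
        if rule.dst and not (dst_ip and address_matches(rule.dst, dst_ip)):
            continue
        if port is not None and not rule.ports[0] <= port <= rule.ports[1]:
            continue
        return rule
    return None

# Constructed sample with the page's two addresses: the host rule is configured second
# but is tried first, so 129.102.1.1 hits the deny before the segment-wide permit.
STANDARD_RULES = [
    AclRule(seq=1, src="129.102.1.1 0.0.255.255", action="permit"),  # network segment
    AclRule(seq=2, src="129.102.1.1 0.0.0.0", action="deny"),        # single host
]
```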

Configure Firewall

Firewall configuration includes:

Enabling and Disabling a Firewall
Configuring Standard Access Control List
Configuring Extended Access Control List
Setting the Default Firewall Filtering Mode
Configuring Special Timerange
Configuring Rules for Applying Access Control List on Interface
Specifying Logging Host

Enabling and Disabling a Firewall

A firewall should be enabled for filtering messages in order for the other configurations to take effect.

Perform the following configurations in system view.

 

Table 621 Enable/Disable Firewall

Operation           Command
Enable firewall     firewall enable
Disable firewall    firewall disable

Firewalls are disabled by default.
