Example 1: Create a higher-priority rule first to allow IP address 192.168.2.2 Telnet access from the LAN port, then deny
Telnet access from the remaining IP addresses in the same subnet.
      Source                  Destination
Rule  IP/Mask         Port    IP/Mask            Port  In/Out  Protocol  Listen  Action  Side
1     192.168.2.2/32          192.2.254/32       22    In      TCP       n       Pass    LAN
2     192.168.2.0/24          192.168.2.254/32   22    In      TCP       n       Deny    LAN
Example 2: All Telnet access to the system from IP addresses in subnet 192.168.2.x is handled by rule 1 of
Example 2. Rule 2 won't make any difference.
      Source                  Destination
Rule  IP/Mask         Port    IP/Mask            Port  In/Out  Protocol  Listen  Action  Side
1     192.168.2.0/24          192.168.2.254/32   22    In      TCP       n       Deny    LAN
2     192.168.2.2/32          192.2.254/32       22    In      TCP       n       Pass    LAN
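The following sketch is an added example, not code from this manual or the device firmware. It replays both rule orderings through a first-match evaluator and flags any rule that an earlier, broader rule makes unreachable. Assumptions: rules are checked in ascending rule number and the first match decides; the destination is taken as 192.168.2.254/32 in every rule; the In/Out, Listen and Side columns are not modelled; the names Rule, evaluate and shadowed are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str      # source IP/Mask
    dst: str      # destination IP/Mask
    dport: int    # destination port
    proto: str
    action: str   # "Pass" or "Deny"

    def matches(self, src_ip, dst_ip, dport, proto):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and dport == self.dport and proto == self.proto)

    def covers(self, other):
        """True if every packet matched by `other` is also matched by this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and other.dport == self.dport and other.proto == self.proto)

def evaluate(rules, src_ip, dst_ip, dport, proto):
    """Return (action, rule number) of the first matching rule, or (None, None)."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(src_ip, dst_ip, dport, proto):
            return rule.action, number
    return None, None  # no rule matched; the device's default policy is not modelled

def shadowed(rules):
    """Return (unreachable rule number, earlier covering rule number) pairs."""
    pairs = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            if earlier.covers(later):
                pairs.append((i + 1, j + 1))
                break
    return pairs

# Constructed from the two tables above (destination assumed 192.168.2.254/32).
ALLOW_HOST = Rule("192.168.2.2/32", "192.168.2.254/32", 22, "TCP", "Pass")
DENY_SUBNET = Rule("192.168.2.0/24", "192.168.2.254/32", 22, "TCP", "Deny")
EXAMPLE_1 = [ALLOW_HOST, DENY_SUBNET]   # specific rule first
EXAMPLE_2 = [DENY_SUBNET, ALLOW_HOST]   # broad rule first

if __name__ == "__main__":
    for name, rules in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(name, evaluate(rules, "192.168.2.2", "192.168.2.254", 22, "TCP"),
              "shadowed:", shadowed(rules))
```

Running the shadow check over a rule table before applying it catches the Example 2 ordering, where the allow rule for 192.168.2.2 can never be reached.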