To create an IP filter for TCP ports:
1. In Server Admin, choose Firewall from the Computers & Services list.
2. Click Settings.
3. Select the Advanced tab.
4. Click the New button.
Alternatively, you can select a rule similar to the one you want to create, and click Duplicate then Edit.
5. Select whether this filter will allow or deny access in the Action
6. Choose TCP from the Protocol
7. Choose a TCP service from the
If you want to select a nonstandard service port, choose Other.
8. If desired, choose to log packets that match the filter.
9. Enter the Source IP address range you want to filter.
If you want it to apply to any address, choose Any from the
If you have selected a nonstandard service port, enter the source port number.
10. Enter the Destination IP address range you want to filter.
If you want it to apply to any address, choose Any from the
If you have selected a nonstandard service port, enter the source port number.
11. Choose which network interface this filter applies to.
12. Click OK.
13. Click Save to apply the filter immediately.
Creating an Advanced IP Filter for UDP Ports
You can use the Advanced Settings pane to configure very specific filters for UDP ports. Many services use User Datagram Protocol (UDP) to communicate with the server. By default, all UDP connections are allowed. You should apply filters to UDP ports sparingly, if at all, because “deny” filters could create severe congestion in your server traffic.
If you filter UDP ports, don’t select the “Log all allowed packets” option in the filter configuration windows in Server Admin. Since UDP is a “connectionless” protocol, every packet to a UDP port will be logged if you select this option.
You should also allow UDP port access for specific services, including:
• DNS
• DHCP
• SLP
• Windows Name Service browsing
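The two UDP cautions above can be checked before a filter set is saved. The following is an added example, not part of the original guide or of Server Admin: the `Filter` model, the first-match evaluation order, and the port numbers (standard assignments for the listed services) are assumptions, and the sample filters and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Well-known UDP ports for the services the page lists (not given on the page).
REQUIRED_UDP = {"DNS": [53], "DHCP": [67, 68], "SLP": [427],
                "Windows Name Service browsing": [137, 138]}

@dataclass
class Filter:                   # hypothetical model of one Advanced-tab filter
    action: str                 # "allow" or "deny"
    protocol: str               # "tcp" or "udp"
    dest_port: Optional[int]    # None means any port
    source: str = "any"         # CIDR range or "any"
    destination: str = "any"
    log: bool = False           # "log packets that match the filter"

def _in_range(addr, rng):
    return rng == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(rng)

def decide(filters, protocol, src, dst, port):
    """Action of the first matching filter (first-match order is an assumption)."""
    for f in filters:
        if (f.protocol == protocol and f.dest_port in (None, port)
                and _in_range(src, f.source) and _in_range(dst, f.destination)):
            return f.action
    return "allow"              # nothing matched; the page states this default for UDP

def audit(filters, client, server):
    """Report filters that trip either UDP caution from the text."""
    findings = []
    for i, f in enumerate(filters):
        if f.protocol == "udp" and f.action == "allow" and f.log:
            findings.append(f"filter {i}: logs every allowed UDP packet")
    for name, ports in REQUIRED_UDP.items():
        blocked = [p for p in ports if decide(filters, "udp", client, server, p) == "deny"]
        if blocked:
            findings.append(f"{name}: UDP port(s) {blocked} denied")
    return findings

SAMPLE = [  # constructed sample filters; addresses below are documentation ranges
    Filter("allow", "udp", 53, log=True),
    Filter("deny", "udp", None, source="192.0.2.0/24"),
    Filter("allow", "tcp", 80),
]

if __name__ == "__main__":
    for line in audit(SAMPLE, client="192.0.2.10", server="198.51.100.5"):
        print(line)
```

In the sample, the broad deny filter for one subnet blocks DHCP, SLP and Windows name browsing for those clients, while DNS survives only because its allow filter comes first.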
Chapter 3 IP Firewall Service