Page 128 - Firewall Rules | Appendix C: Overview of IP Routing |
Firewall Rules
1.The default behaviour for incoming sessions is to block them, unless a specific entry exists to forward the session.
2.ICMP is blocked for incoming sessions by default and may not be forwarded.
3.
4.When an Entry's match offset is set to 0, all data in the IP header is matched (effectively this is a don’t care mechanism).
5.When an Entry is configured with the protocols set to 0, all protocols are matched (effectively this is a don’t care).
6.The firewall engine searches the entry list only until the first match is found.
7.To aid the efficiency of the firewall engine, matches are not performed on entries that have the same action as the generic. For example, if FTP is to be dropped and a further entry exists, that entry will not be checked before the packet is dropped.
8.If a packet contains an unauthorised request such as a banned Web site, the IPNC immediately replies to the packet's originator with a protocol exchange that terminates the transaction, effectively blocking the request.
9.The Actions are outgoing (Out), incoming (In), Bothway or not at all (Drop). The default protocols that can be easily configured this way are:
Generic Protocol | Description |
FTP | File Transfer Protocol |
Telnet 23/tcp | Remote Terminal Login |
SMTP 25/udp | Email delivery |
POP3 | Email reception |
DNS | Domain Name Server |
Time | Time update protocol |
Gopher | |
Finger 79 | |
HTTP dec 80 | Web Access |
NNTP | Network News |
SNMP | Management |
IRC | Internet Relay Chat |
PPTP | |
10.Multiple firewall profiles may be created; a profile may be assigned to a service for outgoing calls or to a User for incoming calls. A firewall configuration may be assigned to one or many services or user configurations.
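
The following is an added example, not taken from the manual or from the IPNC software: a simplified Python model of rules 1, 5 and 6 that shows how first-match ordering can leave a later entry unreachable, and how to audit a profile for such shadowed entries. The Entry fields, the dst_port field with its 0 wildcard, and the sample profile are assumptions made for illustration; rule 7's optimisation is not modelled.

```python
from dataclasses import dataclass

ANY = 0  # rule 5: a protocol value of 0 matches all protocols (don't care)

@dataclass(frozen=True)
class Entry:            # hypothetical structure, not the IPNC's own format
    name: str
    protocol: int       # IP protocol number (6 = TCP, 17 = UDP), 0 = don't care
    dst_port: int       # assumed field; 0 treated as don't care by analogy
    action: str         # "In", "Out", "Bothway" or "Drop" (rule 9)

def entry_matches(entry, protocol, dst_port):
    return (entry.protocol in (ANY, protocol)
            and entry.dst_port in (ANY, dst_port))

def incoming_verdict(entries, protocol, dst_port):
    """Rule 6: stop at the first matching entry. Rule 1: no match means block."""
    for entry in entries:
        if entry_matches(entry, protocol, dst_port):
            allowed = entry.action in ("In", "Bothway")
            return ("forward" if allowed else "block", entry.name)
    return ("block", None)

def covers(earlier, later):
    """True if every packet that matches `later` also matches `earlier`."""
    pairs = ((earlier.protocol, later.protocol),
             (earlier.dst_port, later.dst_port))
    return all(a == ANY or a == b for a, b in pairs)

def shadowed_entries(entries):
    """Entries that can never be the first match, with the entry hiding them."""
    found = []
    for i, later in enumerate(entries):
        for earlier in entries[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed sample profile: the wildcard Drop sits above the HTTP entry.
PROFILE = [
    Entry("telnet-in", 6, 23, "In"),
    Entry("all-tcp-drop", 6, ANY, "Drop"),
    Entry("http-in", 6, 80, "In"),
]
```

Running shadowed_entries(PROFILE) reports that "http-in" is hidden by "all-tcp-drop", so incoming HTTP is blocked even though an entry appears to allow it.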
Page 128 - Appendix C: Overview of IP Routing | INDeX IPNC Cassette Administration Manual |
Firewall Rules | 38DHB0002UKDD – Issue 7 (22/11/02) |