Add rule and edit rule options, Chain, Rule | Avocent ACS 5000

Chapter 1: Introduction 7

•The view table of the Firewall Configuration form containing a list of chains.

•The chains which contain the rules controlling filtering.

Chain

A chain is a named profile that includes one or more rules defining either a set of characteristics to look for in a packet or what to do with any packet having all the defined characteristics.

The console server filter table contains a number of built-in chains, each referenced according to the packet type they handle. As defined in the rules for the default chains, all input and output packets and packets being forwarded are accepted.

Rule

Each chain can have one or more rules that define either the packet characteristics being filtered or what to do when the packet matches the rule.

Each filtered packet characteristic is compared against the rules. All defined characteristics must match. If no rules are found then the default action for that chain is applied.

Administrators can:

•Add a new chain and specify rules for that chain

•Add new rules to existing chains

•Edit a built-in chain or delete the built-in chain rules

Add rule and edit rule options

When you add or edit a rule, you can define any of the options described in the following table.

Table 1.3: Add Rule and Edit Rule Option Definitions

Filter Options

Source IP and Mask Destination IP and Mask

Protocol

Description

With source IP, incoming packets are filtered for the specified IP address. With destination IP, outgoing packets are filtered.

If you fill in a source or destination mask, all packets are filtered for IP addresses from the subnetwork in the specified netmask.

NOTE: For IPv6, only one field is available: <IP Address>/<Prefix>.

Select protocol options for filtering from ALL, Numeric, TCP, UDP, ICMP (IPv4 only) and ICMPv6 (IPv6 only).

Input Interface	The input interface (eth0) used by the incoming packet.
Output Interface	The output interface (eth0) used by the outgoing packet.

Image 15

Avocent ACS 5000 manual Add rule and edit rule options, Chain, Add Rule and Edit Rule Option Definitions Filter Options

Contents

Cyclades ACS Canadian DOC Notice FCC Warning Statement Cyclades ACS Symbols Used B L E of C on T E N T S Configuring the Console Server in Wizard Mode Network Menu and Forms Vii Appendix a Technical Specifications 143 Overview Connectors on the Console Server ACS 5000 Console Server Connectors Number Description Accessing the Console Server and Connected Devices Web Manager Prerequisites for Using the Web Manager Authentication Types of UsersSecurity Authentication Type Definition Authentication Methods Supported Structure of IP filtering Services not supporting IPv6IPv6 Packet Filtering Add Rule and Edit Rule Option Definitions Filter Options Add rule and edit rule optionsChain Rule Icmp protocol options Numeric protocol optionsTCP protocol options UDP protocol options Prerequisites for logging to syslog servers Notifications, Alarms and Data BufferingExample of using facility numbers Syslog servers Managing Users of Connected Devices Console Server and Power ManagementConfiguring access to connected devices Common Administrator Tasks for Configuring Software Conventions used to identify outlets Additional requirements for Server Technology IPDUs Configuring ports for power management by authorized users Configuring power management Options for managing power Power management through the web managerHostname Discovery Cyclades ACS 5000 Installation/Administration/User Guide Important Pre-installation Requirements Basic Installation ProceduresMounting the console server Making an Ethernet connection To rack mount the console serverTo connect devices to serial ports Console server serial port pin-out information To connect to the console port To turn on connected devices To use the wiz command to configure network parametersTurning on the console server and the connected devices To turn on the console server To configure for IPv4 protocol To configure for IPv6 protocol Selecting a security profile using the web manager Selecting a security profile Other Methods of Accessing the Web ManagerAdding users and configuring ports using the web manager To use a dynamic IP address to access the web manager Connecting PDUs To use the default IP address to access the web managerConnecting third-party IPDUs To daisy-chain PDUs to the console server Using the Web Manager Features of Regular User FormsTo log into the web manager Form area Connect to serial ports Port access requirementsConnect Connect to the console server Connection protocols for serial ports Outlets Manager Ipdu Power Management Padlock Outlets Group CtrlView Ipdu info Bulb Form Heading Description Example PDU Power Factor To change your password Administrator Web Manager Buttons Common Features of Administrator Forms Try changes Click the try changes button Button name Use Overview of Administrative Modes Wizard modeLogging Into the Web Manager Example of Web Manager Form in Wizard Mode Expert mode Example of Web Manager Form in Expert Mode Cyclades ACS 5000 Installation/Administration/User Guide Custom security profile Default security profileSecurity Profile Pre-defined security profiles Http To select or configure a security profile Serial port settings and security profiles Network Settings To configure the network settingsPort Profile Options Port Profile Setup Options Parameter Access To set parameters for all serial portsParameter Options To add a user To change a password Data BufferingTo delete a user Wizard Data Buffering Field Names and Definitions Field name System Log To configure data buffering To delete a syslog server To add a syslog server Cyclades ACS 5000 Installation/Administration/User Guide Overview of menus and forms Configuring the Console Server in Expert Mode Expert Mode Screen Elements Number Description Connect Connecting to the console serverConnecting to devices connected to the serial ports Applications Menu and Forms Ipdu Power Management Applications Ipdu Power Mgmt Outlets ManagerTo connect to a device through a serial port OFF Expert Outlets Manager Icons Description ButtonPurpose To view status, lock, unlock, rename or cycle power outlets Avocent PM PDU information displayedThird-party Ipdu information displayed Applications Ipdu Power Mgmt. Outlets Group Ctrl Applications Ipdu Power Mgmt. View IPDUs InfoExpert Ouatlet Groups Ctrl Information Form Heading PM20i/30A To view and reset Ipdu information Applications Ipdu Power Mgmt. Configuration Ipdu Power Mgmt Configuration Description Shown Element Type To download Cyclades Ipdu software Applications Ipdu Power Mgmt. Software UpgradeTo upgrade software on a Cyclades PM Ipdu Expert To upgrade software on non-Cyclades IPDUs To upgrade software on a Avocent PM PDU Expert Applications PMD ConfigurationApplications PMD Configuration- General Applications PMD Configuration- Outlet Groups To delete an outlet group Applications PMD Configuration Users ManagementTo configure an outlet group To authorize a user for Ipdu power management Prefix Group Outlet entry conventions To create a menu for a local server terminal Expert Applications Terminal Profile Menu Click apply changes Expert Network Menu Descriptions Menu Selection Host Settings Disabling IPv4 General host settingsDNS Service Disabling and enabling IPv4 or IPv6 protocols Disabling/Enabling IPv6 IPv4 settings IPv6 settings Other interfaces IPv6 Ethernet interfacesIPv6 serial interfaces IPv6 PPP interfaces To configure IPv4 protocol To configure host settings Expert from the General form To configure IPv6 protocol Syslog MYCOMPANYDOMAIN-VPN VPN Connections Click on apply changes To configure VPN Description Example, 193.168.44.0/24 To configure Snmp Firewall Configuration Edit Rules button Edit buttonDelete button Add button Protocol Inverted checkboxesTarget pull-down menu options Source or destination IP and mask Expert TCP Options Fields Field/Menu Option Numeric protocol fieldsTCP protocol fields UDP protocol fields Icmp protocol fields Input interface, output interface and fragmentsLOG target To edit a chain Firewall configuration proceduresReject target To add a chain To edit a rule To add a rule Host Table Static RoutesTo define the console server’s IP address and hostname Field or Menu Name Definition To configure static routes Expert Cyclades ACS 5000 Installation/Administration/User Guide Users and Groups Security Menu and Forms Expert Add User Dialog Field Names and Definitions Adding a UserAdding a Group To delete a user or group To modify a group To change a user’s passwordActive Ports Sessions To add a group TTY To view, kill or refresh active user sessions To configure the console servers login authentication method Configuring authentication for console server logins To configure a Radius authentication server Group authorization on RadiusTo configure a TACACS+ authentication server To configure an Ldap authentication server Group authorization on TACACS+ To configure Ldap authentication Group Authorization on LdapTo configure a Kerberos authentication server Go to Security Authentication Kerberos in Expert mode Security Profiles To configure a NIS authentication server Custom security profile Serial port settings and security profiles Certificate for Http security Security certificates Certificate on ssh User configured digital certificate To select one or more serial ports To enable or disable serial portsPhysical Ports 103 Console Access Server CAS profile connection protocols General formConnection profiles Terminal Server TS profile connection protocols Ports Menu and Forms Bidirectional Telnet protocol Connection Protocols for Modems or IPDUs Protocol Name Modem and power management connection protocols Cyclades ACS 5000 Installation/Administration/User Guide Click apply changes To configure a power management protocol for an Ipdu To associate an alias to a serial port Access To configure user access to serial portsAccess Form Menu and Fields FieldDescription Authentication methods and fallback mechanism Data Buffering To configure a serial port login authentication method Data Buffering Form Fields Field Name Definition Mode Local Destination Field Name Definition To configure data buffering for serial ports Expert Multi User Form Fields Field Name Definition Multi User Power Management Expert Power Management Form Fields Field Name To configure a serial port for Ipdu power management Other To configure a serial port for Ipmi power management TCP Port 10 Other Form Fields Field Name Definition To configure terminal server connection options 11 New/Modify Port Dialog Box Fields Field Name Definition Virtual Ports To assign names to slave ports in the cluster To cluster console servers or modify cluster configuration Ports Statistics Ports Status 14 Expert Ports Hostname Discovery Fields Expert Ports Hostname Discovery Cyclades ACS 5000 Installation/Administration/User Guide System Information 129System Information Form InformationParameters Notifications To view system informationInformation Parameters Email Notifications Entry Notifications Form Fields Field Name DefinitionEmail Notifications Dialog Box Fields Field Name Definition Pager notifications entry Untitled dropdown field Snmp trap notifications entry Cold Start To set the time and date manually Serial ports alarm notificationTo configure a trigger for serial port alarm notification Time/Date To use the custom option to set daylight savings time To configure time and date using an NTP serverSetting up a customized timezone configuration To create a custom timezone selection Boot Configuration Form Fields Field Name Definition Boot Configuration Select Flash or Network from the Unit boot from menu To configure the console server boot Go to Administration Backup Config in Expert mode Backup Configuration To upgrade the console server firmware Upgrade Firmware Reboot To reboot the console serverOnline Help To configure the local online help path Appendix a Technical Specifications 143Environmental Hardware Erhöhte Umgebungstemperatur im betrieb TemperatureElevated operating ambient temperature Temperatur Circuit overloading Safety precautions for operating the console serverMechanical loading Sicherer mechanischer Aufbau Appendices Working inside the console server Electrostatic Discharge ESD Precautions Vorsichtsmassnahmen gegen Elektrostatische Entladung ESD Replacing the battery Austausch der BatterieRemplacement de la batterie Arbeiten am Cyclades ACS Baterìa FCC warning statementCanadian DOC notice Appendix C Technical Support To resolve an issue Cyclades ACS 5000 Installation/Administration/User Guide For Technical Support