
Chapter 1: Introduction
• The view table of the Firewall Configuration form containing a list of chains.
• The chains which contain the rules controlling filtering.
Chain
A chain is a named profile that includes one or more rules defining either a set of characteristics to look for in a packet or what to do with any packet having all the defined characteristics.
The console server filter table contains a number of
Rule
Each chain can have one or more rules that define either the packet characteristics being filtered or what to do when the packet matches the rule.
Each filtered packet characteristic is compared against the rules. All defined characteristics must match. If no rules are found, the default action for that chain is applied.
Administrators can:
• Add a new chain and specify rules for that chain
• Add new rules to existing chains
• Edit a
Add rule and edit rule options
When you add or edit a rule, you can define any of the options described in the following table.
Table 1.3: Add Rule and Edit Rule Option Definitions
Filter Options | Description |
Source IP and Mask, Destination IP and Mask | With source IP, incoming packets are filtered for the specified IP address. With destination IP, outgoing packets are filtered. If you fill in a source or destination mask, all packets are filtered for IP addresses from the subnetwork in the specified netmask. NOTE: For IPv6, only one field is available: <IP Address>/<Prefix>. |
Protocol | Select protocol options for filtering from ALL, Numeric, TCP, UDP, ICMP (IPv4 only) and ICMPv6 (IPv6 only). |
Input Interface | The input interface (eth0) used by the incoming packet. |
Output Interface | The output interface (eth0) used by the outgoing packet. |
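
The matching behaviour described above (every characteristic defined on a rule must match, otherwise the chain's default action applies), as an added Python model that is not code from this manual or from the console server. The action names ACCEPT and DROP, the chain name, evaluation of rules in list order and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def in_network(addr: str, net: str) -> bool:
    """True if addr is inside net ("IP/mask" for IPv4, "IP/prefix" for IPv6)."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

@dataclass
class Packet:
    src: str
    dst: str
    protocol: str                     # protocol name as shown in the form, e.g. TCP
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None

@dataclass
class Rule:
    action: str                       # assumed action names: ACCEPT / DROP
    source: Optional[str] = None      # None = option left undefined, not filtered on
    destination: Optional[str] = None
    protocol: str = "ALL"
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None
    def matches(self, p: Packet) -> bool:  # every defined option must match
        return all((
            self.source is None or in_network(p.src, self.source),
            self.destination is None or in_network(p.dst, self.destination),
            self.protocol.upper() in ("ALL", p.protocol.upper()),
            self.in_iface is None or self.in_iface == p.in_iface,
            self.out_iface is None or self.out_iface == p.out_iface,
        ))

@dataclass
class Chain:
    name: str
    default_action: str
    rules: list
    def evaluate(self, p: Packet) -> str:
        for rule in self.rules:       # assumption: rules are checked in list order
            if rule.matches(p):
                return rule.action
        return self.default_action    # no rule matched: the chain default applies

# Constructed sample chain using documentation address ranges (not from the manual).
CHAIN = Chain("mgmt-in", "DROP", [
    Rule("ACCEPT", source="192.0.2.0/255.255.255.0", protocol="TCP", in_iface="eth0"),
    Rule("ACCEPT", source="2001:db8::/32", protocol="ICMPv6"),
])
```

A packet that matches the source subnet but differs in protocol or input interface falls through to the default action, which is why a restrictive chain default matters more than any single rule.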