The view table of the Firewall Configuration form containing a list of chains.
The chains which contain the rules controlling filtering.
Chain
A chain is a named profile that includes one or more rules defining either a set of characteristics
to look for in a packet or what to do with any packet having all the defined characteristics.
The console server filter table contains a number of built-in chains, each referenced according
to the packet type they handle. As defined in the rules for the default chains, all input and
output packets and packets being forwarded are accepted.
Rule
Each chain can have one or more rules that define either the packet characteristics being filtered
or what to do when the packet matches the rule.
Each filtered packet characteristic is compared against the rules. All defined characteristics must
match. If no matching rule is found, the default action for that chain is applied.
Administrators can:
- Add a new chain and specify rules for that chain
- Add new rules to existing chains
- Edit a built-in chain or delete the built-in chain rules
Add rule and edit rule options
When you add or edit a rule, you can define any of the options described in the following
table.
| Filter Options | Description |
|---|---|
| Source IP and Mask, Destination IP and Mask | With source IP, incoming packets are filtered for the specified IP address. With destination IP, outgoing packets are filtered. If you fill in a source or destination mask, all packets are filtered for IP addresses from the subnetwork in the specified netmask. NOTE: For IPv6, only one field is available: <IP Address>/<Prefix>. |
| Protocol | Select protocol options for filtering from ALL, Numeric, TCP, UDP, ICMP (IPv4 only) and ICMPv6 (IPv6 only). |
| Input Interface | The input interface (eth0) used by the incoming packet. |
| Output Interface | The output interface (eth0) used by the outgoing packet. |

Table 1.3: Add Rule and Edit Rule Option Definitions
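
The matching behaviour described above, modelled as an added Python example (not code from the console server or its documentation). It assumes rules are checked in list order with the first match winning, and the action names ACCEPT and DROP, the class and function names, and the sample chain are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    action: str                        # "ACCEPT"/"DROP" are assumed action names
    source: Optional[str] = None       # "IP/mask", or "<IP Address>/<Prefix>" for IPv6
    destination: Optional[str] = None
    protocol: str = "ALL"              # ALL, TCP, UDP, ICMP or ICMPv6
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None

@dataclass
class Packet:
    src: str
    dst: str
    protocol: str
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None

def in_net(addr: str, net: Optional[str]) -> bool:
    """An option left undefined matches everything; otherwise test subnet membership."""
    if net is None:
        return True
    network = ipaddress.ip_network(net, strict=False)  # accepts netmask or prefix form
    ip = ipaddress.ip_address(addr)
    return ip.version == network.version and ip in network

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """All defined characteristics must match for the rule to apply."""
    return (in_net(pkt.src, rule.source)
            and in_net(pkt.dst, rule.destination)
            and rule.protocol in ("ALL", pkt.protocol)
            and rule.in_iface in (None, pkt.in_iface)
            and rule.out_iface in (None, pkt.out_iface))

def evaluate(rules: List[Rule], default_action: str, pkt: Packet) -> str:
    """Return the first matching rule's action (ordering assumed), else the chain default."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default_action

# Constructed sample chain: drop TCP from one IPv4 subnet on eth0, and ICMPv6 from one prefix.
SAMPLE_CHAIN = [
    Rule("DROP", source="10.0.5.0/255.255.255.0", protocol="TCP", in_iface="eth0"),
    Rule("DROP", source="2001:db8::/32", protocol="ICMPv6"),
]
```

A packet that differs from a rule in any one defined characteristic (for example UDP instead of TCP) falls through to the chain default, which is why a permissive default leaves everything not explicitly listed reachable.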
Chapter 1: Introduction 7