Figure 7.1: Expert - Firewall Config uration Add Rule and Edit Rule Dialog Bo xes
Invertedcheckboxes
If the Inverted checkbox is enabl ed for the corresponding op tion, the target actio n is performed
on packets that do no t match any of the criteria specified in that line.
For example, if you select DROP as the target a ction from the Target pull-down list, chec k
Inverted on the line w ith the Source IP and do not specify any o ther criteria in the rule, any
packets arriving from any other sou rce IPa ddress than the on e specified are dropped .
Targetpull-down menu options
The Target pull-do wn menu shows th e action to be performed on an IP packet t hat matches all
the criteria specified in a rule. The kernel can be configured to ACC EPT,DROP,RETURN,
LOG or REJECT the packet by sen ding a message, translating the source or the dest ination IP
address or sending the packe t to another u ser-defined chain.
Source or destination IP and mask
If you add a value in th e Source IPfield, inc oming packets are filtered for the specified IP
address and if you add a value in the Desti nation IP field, outgoing packets are filtered for the
specified IP address. A val ue in the Mask field means in coming or outgo ing packets are filt ered
for IPad dressesfrom the net work in the specified subnet.
Protocol
You can sele ct a protocol for fil tering. Fields that ap pear for each protocol are explain ed in the
following sectio ns.
Chapter 7: N etwork Menu and Forms 81