REJECT target
If REJECT is selected from the Target pull-down menu ,th e following pull-dow n menu appears.
Any Reject with op tion causes the input packet to b ed ropped and a reply packet of the
specified type to b e sent.
Field Name Definiti on
Rejectwith Rejectwith means that the filter willdr op the input packetan d sendback a
replypacket according to any of the reject types listed below.
icmp-net-unreachable IC MP network unr eachable alias.
icmp-host-unreachable IC MP host unreachable alias.
icmp-port-unreachable ICMPport unrea chablealias.
icmp-proto-unreachable ICMPprotocol unreachable alias.
icmp-net-prohibited ICMPnetw ork prohibited alias.
icmp-host-prohibited ICMPhost pr ohibited alias.
echo-reply Echoreplyalias.
tcp-reset TCPR ST packet alias.
Table 7.11: Reply Pac ket Names and Definit ions
NOTE: The packetsar e matched (usingt cpflags and approp riate reject type) with the REJECT target.
Firewall configurationprocedures
The following sections describe the procedures for definin g packet filtering :
To add a chain:
1. Go to Network - Firewal l Configurati on.
2. Click Add. The Ad d Chain dialog box ap pears.
3. Enter the name of the chain to be added i n the Name field.
4. Click OK. The name of the new ch ain appears in the list.
NOTE: Spacesare not allowed in the chain name.
5. Add one or more rules to finish, as described in To add a rule: on pag e 85
To edit a chain:
Performth is procedure if you wish to change t he policy for a default chai n.
84 Cyclades®ACS50 00 Installation/ Administration/User Gu ide