Table 4 Managing Rules Using the GUI
Option | Description
Edit Rules | This option invokes the vi editor on the file rules.custom in the /usr/local/pnic/0 directory (see “Editing Dynamic Rules with the GUI” on page 28).
 | • You can add, delete, or modify dynamic rules for either of the processing channels (see Appendix D, on page 125 for information on vi).
 | • The rules are automatically compiled and loaded into the appliance; you are prompted to confirm these actions.
Manage Rules | This option tells the DPI how to handle matching packets.
 | • It displays a list of all the rules contained in the FPGA and the policy setting for each.
 | • There are four policies available, and they are described in Table 5.
 | • Rules configured to ignore a
 | Therefore, a permit or deny rule disables the capturing for all other rules that match the same packet.
 | • To modify policy settings, see “Managing Capture/Forward Policies with the GUI” on page 29.
 | Note: The Capture toggle is not used. Capture/forward settings can only be modified through the graphical user interface.
Manage Firmware | This option displays the firmware files in /usr/local/pnic/firmware and allows you to select one to be uploaded to the FPGA. Selecting firmware restarts and reloads the FPGA.
 | To manage firmware, see “Selecting Firmware with the GUI” on page 30.

Table 5 describes the four possible combinations of capture/forward policies.
Table 5 Capture/Forward Policies
Policy | Capture | Forward
Permit | | ✓
Deny | |
Alert | ✓ | ✓
Divert | ✓ |

Editing Dynamic Rules with the GUI
Dynamic rules are stored in the file rules.custom in the /usr/local/pnic/0 directory. The GUI provides a quick way to access and modify these rules by invoking the vi editor on this file.
28 | Graphical User Interface |