Manuals / Force10 Networks / Computer Equipment / Network Card

Force10 Networks 100-00055-01 manual Writing Rules

Models: 100-00055-01

1 132

Page 74

74	Writing Rules

Page 74

Image 74

Force10 Networks 100-00055-01 manual Writing Rules

Contents

May 27 P-Series Installation and Operation GuideVersion Statement of Conditions Copyright 2008 Force10 NetworksTrademarks USA Federal Communications Commission FCC StatementInstallation ContentsContents PrefaceChapter Command Line InterfaceGraphical User Interface Web-based ManagementCompiling Rules Command Line ReferenceBasic Unix Commands Writing RulesAppendix F Appendix EGlossary Technical SupportObjectives PrefaceAbout this Guide AudienceAdditional Resources Information SymbolsRelated Documents P-Series Release NotesInstallation ChapterPB-10GE-2P System SpecificationsPhysical Connections Step Task Security Check BootingConfiguration Upgrading Softwarecd upgradedirectory mkdir ~/upgradedirectoryfilename ~/upgradedirectory scp username@serverabsolutepathcd upgradedirectory/firmware Commandcd upgradedirectory/pnic-compiler gmake installChapter Returning to the Default ConfigurationGetting Started To begin inspecting and filtering traffic you mustGetting Started Chapter IntroductionHardware Architecture Overview Types of Rules Sample Rules and FirmwareFirewall Deployment” on page Rule ManagementDeploying the P-Series 10-Gigabit Inline DeploymentFail-safe Deployment Optical Bypass 10-GigabitP1P0 Highly-available DeploymentPassive Deployment 10-GigabitNetwork Tap 10-Gigabit 10-Gigabit Capturing Matched TrafficNetwork Switch with SPAN port P-Series P10Capturing to a Host CPU M1 P1 P0 M0 Mirroring to Another DevicePB-10GE-2P Traffic to MonitorChapter 4 Graphical User Interface GUI Commands Command DescriptionManaging Rules, Policies, and Firmware PNIC0 Not ActiveGUI” on page Editing Dynamic Rules with the GUIdirectory see “Editing Dynamic Rules with the GUI” on page To manage firmware, see “Selecting Firmware with the GUI” on pageTo change capture/forward policies Managing Capture/Forward Policies with the GUITo modify dynamic rules fn9000014 Selecting Firmware with the GUIfn9000013 Runtime Statistics Figure 19 Runtime Statistics for Channel 0 and 1-FPGA Loaded Graphical User InterfaceReloading Firmware Graphical User Interface To launch the P-Series Node Manager Chapter 5 Web-based ManagementLaunching the P-Series Node Manager Figure 21 Lauching the P-Series Node Manager Web-based ManagementMonitoring System Performance on page Managing the P-Series using Node ManagerWeb-browser Security Certificates Managing Firmware Images on pageMonitoring System Performance Managing Firmware Images Managing the Network Interface CardFigure 25 P-Series Node Manager Card Management Panel Web-based ManagementManaging Policies Figure 26 P-Series Node Manager Policy Managment Panel Web-based ManagementSguil Server Chapter 6 Network Security MonitoringP-Series Sensors Sguil ClientInstalling the Sguil Server Installing the Sguil SystemInstalling the Sguil Sensor Hardware and Software RequirementsWireshark Installing the Sguil ClientUninstalling the Sguil Server Installation Files # win32 example set TLSPATH c/progra~1/Tcl/lib/tls1.4.1/tls14.dllWriting New Rules Running the Sguil SystemRunning the Sguil Sensor Running the Sguil Server Running the Sguil Client To run the Sguil Clientfn90028mp fn90027mpCLI commands are given in Command Line Reference on page Chapter 7 Command Line InterfaceCLI Commands Editing Dynamic Rules with the CLIIn Figure To enable MAC rewritingRemoving VLAN Tags Command Line Interface Rules Capacity Compiling RulesCreating Rules Files Compiling Rulespage Target DeviceMatch non-IP Traffic 3 Match Fragmented IPv4 Packets or IPv4 Packets w/ OptionsMaximum String Segmentation Evasion Rulessee Figure 36 on page see Figure 37 on pageEnter command gmake from pnic-compiler directory P-Series Installation and Operation Guide, version Figure 36 pnic-Compiler OptionSummary of configuration Starting and Stopping the pnic-Compilerto which the .mapping files in /usr/local/pnic Configuration and Generated Fileswhich the .bit files in /usr/local/pnic/0 are Compiler Errors Firmware FilenamesSnort Rule Headers Writing RulesSnort Rule Syntax ActionProtocol Source AddressesPorts Direction OperatorSnort Rule Options P-Series Rule SyntaxP-Series Supported Snort Keywords Destination Address and PortDynamic KeywordStatic protocolWriting Stateful Rules Stateful Matching= si ⎬ Equation∧ si then cpiStateful Rule Examples In TableThe meta.rules File Support for Snorts flow KeywordHandling Segmentation Evasion Support for Snorts within Keyword Anomalous TCP Flags Writing Rules Chapter FirewallDeploying the P-Series as a Firewall Verify Drop mode is Enabled Enabling the FirewallDrop mode Disabled Drop mode Enabled Figure 39 Enabling and Disabling Drop ModeAllowing Traffic through the Firewall Writing Rules for a Firewall Deployment#permit let through and do not log to the host pnic aggregate-mode-enable on page pnic apply-firmware on page Appendix A Command Line Referencepnic aggregate-mode-disable on page pnic default-drop-disable on page pnic default-drop-enable on pagepnic updatemacvalue on page pnic vlan-remove-disable on page pnic aggregate-mode-disablepnic temp-mem-disable on page pnic temp-mem-enable on page pnic vlan-remove-enable on page pnic web-gui-start on pagepnic aggregate-mode-enable pnic apply-firmwarepnic show-firmwares Parameters Command History ExampleCommands Display the available firmwareEnable the capturing of packets via direct memory access pnic capture-offpnic capture-on Syntax Parameters Command History ExampleSyntax Parameters Command History Example pnic cardstatusCommands Commandspnic default-drop-disable pnic compilerulespnic diag pnic default-drop-enableTemporary memory is disabled while the firewall is enabled Parameters Command History ExampleVersion PMAIN2.3.0.014 root@localhost SW# Parameters Command History ExampleUsage Information pnic flow-teardown-disable pnic flow-teardown-disablepnic flow-teardown-enable pnic flow-teardown-enablepnic getmachashindex value for an IP address pairsDisable MAC rewriting pnic guiEnable MAC rewriting pnic updatemacvalueExample pnic gui Command ExampleP-Series Installation and Operation Guide, version pnic help pnic helpSyntax Command History Example output omittedSyntax Parameters Command History Example pnic linkdownpnic linkup CommandsCommands pnic loadconfParameters Command History Example Syntax Parameters Command HistoryAddress Corresponding Parameterpnic loadeproms number pnic loadepromspnic loadparams deprecated pnic loadparams numberAddress Corresponding ParameterSyntax Parameters pnic loadrulesCommand History Example Usage Information pnic macrewrite-off pnic macrewrite-onpnic off deprecated Syntax pnic offSyntax Parameters Command History Example pnic on deprecatedUsage Information Related Commands pnic on deprecatedpnic passive-mode-disable pnic paramsCommand pnic passive-mode-enablepnic passive-mode-enable CommandsSyntax Parameters Command History Example pnic resetconfpnic restart Stop capturing and matchingEnable the network interface pnic sguil-sensor-startDisable the network interface Syntax Command History ExampleCommands Stop the Sguil sensor using the command pnic sguil-sensor-stopSyntax Parameters Command History Example pnic sguil-sensor-start -fCommands pnic sguil-sensor-stopSyntax Parameters Command History Example pnic sguil-sensor-start Start the Sguil sensorSyntax Parameters Command History Example pnic showconfpnic show-firmwares CommandsCommands pnic showtechCommand History Example Syntax Parameters Command HistoryEnable the network interface pnic startLoad the capture/block configuration Load the runtime parameters Disable the network interface using the command pnic stopCommands pnic stopEnable the network interface Syntax Parameters Command History Examplepnic temp-mem-disable pnic temp-mem-enablepnic temp-mem-disable pnic updatemacvalueUse this command with the MAC rewrite feature Enable MAC rewritingpnic vlan-remove-disable pnic vlan-remove-disablepnic vlan-remove-enable pnic vlan-remove-enableDisable the web server using the command pnic web-gui-stop pnic versionpnic web-gui-start Display the driver versionCommands Enable the web server using the command pnic web-gui-startpnic web-gui-stop CommandExample Commandspnic web-gui-start RelatedAppendix A ack number Appendix BSnort Keywords dsize number numberKeyword Description uricontent ! “datastring”Keyword Rule SyntaxAppendix B Evasion Rules Appendix C Meta and Evasion Rulesmeta Rules Appendix C Command Appendix D Basic Unix CommandsUnix Commands DescriptionDescription vi CommandsCommand ? textAppendix E GlossaryState SnortSPAN Port Static RulesTechnical Support Accessing iSupport ServicesAppendix F Manual PagesSerial Number see Locating P-Series Serial Numbers on page Contacting the Technical Assistance CenterLocating P-Series Serial Numbers Requesting a Hardware Replacement To request replacement hardware, follow these stepsTechnical Support