Chapter 8: Firewall LANCOM Reference Manual LCOS 3.50
Firewall
The entire local network (LAN)
Certain remote stations (identified by their name in the name list)
Certain stations in the LAN (identified by their host name)
Certain MAC addresses (1)
Ranges of IP addresses
Complete IP networks
You can only work with host names when your LANCOM is able to translate the
names into IP addresses. For that purpose the LANCOM must have learned the
names via DHCP or NetBIOS, or the assignment must be entered statically in the
DNS or in the IP routing table. An entry in the IP routing table can therefore
assign a name to a whole network, not just to a single host.
If the source or the destination of a firewall rule is not specified in more
detail, the rule applies to data packets "from all stations" or "to all
stations", respectively.
The service is defined by the combination of an IP protocol with the respective
source and/or destination port. For frequently used services (www, mail, etc.)
the appropriate combinations are already predefined in the LANCOM; others can
be added as required.
Condition
The scope of a firewall rule can be narrowed further with additional conditions.
The following conditions are available:
Only packets with certain ToS and/or DiffServ markings.
Only, if the connection does not yet exist.
Only for default route (Internet).
Only for VPN routes.
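The following Python model is an added example, not LANCOM code or an LCOS configuration. It shows how the pieces described above (source and destination stations given by name, network, address range or MAC; a service made of protocol and ports; and the four conditions) combine into a rule, and how a rule without a source or destination falls back to "all stations". The name table, the IP addresses, the rule set, and the first-match evaluation order are constructed for the example; LCOS's own rule-priority handling is not described on this page. The example also reproduces the caveat that a host name the router cannot resolve is unusable.

```python
from dataclasses import dataclass, field
import ipaddress
from typing import List, Optional, Set, Tuple

# Constructed name table standing in for the names the LANCOM learns via DHCP or NetBIOS
# or takes from static DNS / IP routing table entries. An entry may name a whole network.
NAME_TABLE = {
    "fileserver": ipaddress.ip_network("192.168.1.10/32"),
    "lan": ipaddress.ip_network("192.168.1.0/24"),
    "branch-office": ipaddress.ip_network("10.20.0.0/16"),
}

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str                        # "tcp", "udp", "icmp", ...
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    src_mac: Optional[str] = None        # only known for stations in the local LAN
    dst_mac: Optional[str] = None
    dscp: int = 0                        # DiffServ code point from the ToS byte
    route: str = "default"               # "default" (Internet) or "vpn"
    existing_connection: bool = False    # True if the connection is already established

@dataclass
class Station:
    """Source or destination. Each set field narrows the match; all None = 'all stations'."""
    name: Optional[str] = None                   # host or remote-station name
    network: Optional[str] = None                # complete IP network in CIDR form
    ip_range: Optional[Tuple[str, str]] = None   # inclusive address range
    mac: Optional[str] = None

    def matches(self, ip: str, mac: Optional[str]) -> bool:
        addr = ipaddress.ip_address(ip)
        if self.name is not None:
            if self.name not in NAME_TABLE:      # the text's caveat: unresolvable names are unusable
                raise LookupError(f"host name {self.name!r} cannot be resolved")
            if addr not in NAME_TABLE[self.name]:
                return False
        if self.network is not None and addr not in ipaddress.ip_network(self.network):
            return False
        if self.ip_range is not None:
            low, high = (ipaddress.ip_address(b) for b in self.ip_range)
            if not low <= addr <= high:
                return False
        # A MAC match identifies a card but does not authenticate it: MACs are easily changed.
        if self.mac is not None and (mac is None or mac.lower() != self.mac.lower()):
            return False
        return True

@dataclass
class Service:
    protocol: str                        # "any" matches every IP protocol
    src_ports: Optional[Set[int]] = None
    dst_ports: Optional[Set[int]] = None

    def matches(self, p: Packet) -> bool:
        if self.protocol != "any" and self.protocol != p.protocol:
            return False
        if self.src_ports is not None and p.src_port not in self.src_ports:
            return False
        return self.dst_ports is None or p.dst_port in self.dst_ports

# Predefined services in the spirit of the text (usual IANA port numbers, chosen here).
SERVICES = {
    "ANY": Service("any"),
    "WWW": Service("tcp", dst_ports={80, 443}),
    "MAIL": Service("tcp", dst_ports={25, 110, 143}),
    "SMB": Service("tcp", dst_ports={445}),
}

@dataclass
class Rule:
    name: str
    action: str                          # "accept" or "reject"
    service: Service
    source: Station = field(default_factory=Station)
    destination: Station = field(default_factory=Station)
    dscp: Optional[Set[int]] = None      # only packets with these ToS/DiffServ markings
    only_new_connections: bool = False   # only if the connection does not yet exist
    only_default_route: bool = False     # only for the default route (Internet)
    only_vpn_route: bool = False         # only for VPN routes

    def matches(self, p: Packet) -> bool:
        if not (self.service.matches(p) and self.source.matches(p.src_ip, p.src_mac)
                and self.destination.matches(p.dst_ip, p.dst_mac)):
            return False
        if self.dscp is not None and p.dscp not in self.dscp:
            return False
        if self.only_new_connections and p.existing_connection:
            return False
        if self.only_default_route and p.route != "default":
            return False
        return not (self.only_vpn_route and p.route != "vpn")

RULES: List[Rule] = [
    Rule("LAN-WWW", "accept", SERVICES["WWW"], source=Station(name="lan"), only_default_route=True),
    Rule("BRANCH-SMB", "accept", SERVICES["SMB"], source=Station(name="branch-office"),
         destination=Station(name="fileserver"), only_vpn_route=True),
    Rule("DENY-ALL", "reject", SERVICES["ANY"]),   # no source/destination given: all stations
]

def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule, or ("no-match", "")."""
    for r in rules:
        if r.matches(p):
            return r.action, r.name
    return "no-match", ""
```

With this rule set a LAN client browsing the Internet matches LAN-WWW, the same packet arriving over a VPN route falls through to DENY-ALL because of the "only for default route" condition, and SMB from the branch office reaches the file server only over the VPN. Note that `Station.matches` raises for a name that is not in the table rather than silently matching nothing, which is the failure mode the text warns about when a name has not been learned or configured.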
1. MAC is the abbreviation for Media Access Control; the MAC address is the key identifier
for communication inside a LAN. Every network device has its own MAC address. MAC addresses
are assigned to be unique worldwide, similar to serial numbers, which makes it possible to
tell PCs apart and to grant or withhold rights for them at the IP level. MAC addresses can
be found on most networking devices in hexadecimal form (e.g. 00:A0:57:01:02:03). Note that
the LANCOM only sees the MAC address of stations in the directly attached LAN, and that the
MAC address of most network cards can be changed in software, so a MAC-based rule identifies
a device but does not authenticate it.