LANCOM Reference Manual LCOS 3.50 Chapter 8: Firewall
Further measures
If the "close port" action is executed, an entry is made in a block list by
which all packets sent to the respective computer and port are rejected. The
"close port" object can be given a timeout in seconds, minutes or hours, which
is inserted directly after the object ID. This time value consists of the
designator of the time unit (h, m or s for hour, minute or second) followed by
the actual time. Thus, for example, %pm10 closes a port for 10 minutes. If no
time unit is given, minutes apply implicitly (so %p10 is equivalent to %pm10).
If the "Deny host" action is executed, the sender of the packet is registered
in a block list. From this moment on, all packets received from the blocked
sender are rejected. The "Deny host" object can also be given a timeout, which
is formed in the same way as for the "close port" option.
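The object-ID syntax described above (a measure letter after %, followed for the two timed measures by an optional unit designator and a count, minutes being the default) as an added example that is not code from the LANCOM manual or from LCOS: a small Python parser that turns an action string into the list of measures with each timeout normalised to seconds. The names MEASURES, parse_actions and the sample strings are assumptions of this example.

```python
import re

# Object IDs from the measures table: measure letter -> measure name.
MEASURES = {
    "s": "syslog", "m": "mail", "n": "snmp_trap", "p": "close_port",
    "h": "deny_host", "t": "disconnect", "z": "zero_limit", "f": "fragmentation",
}
# Only "close port" (%p) and "deny host" (%h) accept a timeout suffix.
TIMED = {"p", "h"}
UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}

# One object: '%', a measure letter, then optionally a unit letter and a count.
# A unit letter without a count is not matched, so "%ph" alone is rejected.
_OBJ = re.compile(r"%([smnphtzf])(?:([hms])?(\d+))?")


def parse_actions(spec):
    """Parse an action string such as '%s%m%h%pm10' into a list of
    (measure_name, timeout_seconds); timeout_seconds is None for measures
    that carry no timeout. Raises ValueError on an unknown object or on a
    timeout attached to a measure that does not take one.
    (Constructed example; not an LCOS function.)"""
    out = []
    pos = 0
    while pos < len(spec):
        m = _OBJ.match(spec, pos)
        if not m:
            raise ValueError(f"unrecognised action object at offset {pos}: {spec[pos:]!r}")
        letter, unit, digits = m.groups()
        timeout = None
        if digits is not None:
            if letter not in TIMED:
                raise ValueError(f"%{letter} does not accept a timeout")
            # A missing unit designator means minutes (%p10 == %pm10).
            timeout = int(digits) * UNIT_SECONDS[unit or "m"]
        out.append((MEASURES[letter], timeout))
        pos = m.end()
    return out


if __name__ == "__main__":
    # Constructed sample: notify via syslog and mail, block the sender for
    # two hours and close the port for 30 seconds.
    for measure, seconds in parse_actions("%s%m%hh2%ps30"):
        print(f"{measure:14} timeout={seconds}")
```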
If you want, for example, to limit the permissible data rate for a connection to
8 kbps and to lock out the aggressor committing a flooding attempt, and furthermore
Measure        Description                                                          Object ID
Syslog         Gives a detailed notification via SYSLOG.                            %s
Mail           Sends an email to the administrator.                                 %m
SNMP           Sends an SNMP trap.                                                  %n
Close port     Closes the destination port for a given time.                        %p
Deny host      Locks out the sender address for a given time.                       %h
Disconnect     Disconnects the connection to the remote site from which the packet  %t
               was received or sent.
Zero limit     Resets the limit counter to 0 again when the trigger threshold is    %z
               exceeded.
Fragmentation  Forces a fragmentation of all packets not matching the rule.         %f