3.4.7 Filtering Traffic From the Down Link Ports to the Management Port
You can configure the packet filtering to prevent specified IP traffic from reaching the internal management port (NETMGT) from the
Note – Traffic is not allowed between
The system default is to stop all IP packets from passing from the
When configuring filtering for the management port through the web interface or CLI, the following parameters can be configured:
■ Rule – The rule number (between 1 and 128). A filter rule can be inserted at the specified position in the table, pushing any existing patterns at or below that location down in the table. A rule number cannot exceed the next available number in the table. If the rule number is not specified, a new pattern is appended to the end of the rule table.
■ Action – The control that blocks or allows packets passing from the
■ Protocol – The protocol (either TCP, UDP, or Any), or protocol number (between 0 and 255).
■ Keyword Flags (Code Sequence) – A flag in byte 14 of the TCP header. You can specify a sequence of codes (ON if selected and OFF if not selected). The symbolic name and corresponding bit include these items:
   ■ fin (1) – Finish
   ■ syn (2) – Synchronize
   ■ rst (4) – Reset
   ■ psh (8) – Push
   ■ ack (16) – Acknowledgement
   ■ urg (32) – Urgent pointer
■ Code – The decimal number (between 0 and 63) representing a bit string that specifies flag bits in byte 14 of the TCP header.
■ Bitmask – The decimal number representing a bit mask that is applied to the code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit. Specify 32 (urg), 16 (ack), 8 (psh), 4 (rst), 2 (syn), or 1 (fin).
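The following added example (not taken from this manual or from the switch software) shows how a Code and Bitmask pair can be derived from the flag names above and checked against a TCP header before the rule is entered. It assumes that the filter compares only the bits set in the bitmask, that bitmask values can be summed like code values, and that "byte 14" is counted from 1 (offset 13); the function names and sample headers are constructed for illustration.

```python
import struct

# Symbolic names and bit values as listed in this section.
FLAG_BITS = {"fin": 1, "syn": 2, "rst": 4, "psh": 8, "ack": 16, "urg": 32}

def flags_to_decimal(names):
    """Combine flag names into the decimal used for Code or Bitmask."""
    value = 0
    for name in names:
        value |= FLAG_BITS[name.lower()]  # KeyError on an unknown flag name
    return value

def tcp_flag_bits(tcp_header):
    """Return the six flag bits; 'byte 14' is read as 1-based (assumption)."""
    if len(tcp_header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    return tcp_header[13] & 0x3F

def rule_matches(flags, code, bitmask):
    """Assumed semantics: bits set in bitmask must equal the same code bits."""
    if not (0 <= code <= 63 and 0 <= bitmask <= 63):
        raise ValueError("code and bitmask must be between 0 and 63")
    return (flags & bitmask) == (code & bitmask)

def make_header(flags, sport=40000, dport=22):
    """Constructed sample: minimal 20-byte TCP header carrying the given flags."""
    offset_and_flags = (5 << 12) | flags  # data offset of 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, 1, 0, offset_and_flags, 8192, 0, 0)

# Rule "syn ON, ack OFF": the code holds syn only, the bitmask covers syn and ack.
CODE = flags_to_decimal(["syn"])
BITMASK = flags_to_decimal(["syn", "ack"])

SAMPLES = {  # constructed flag combinations, not captured traffic
    "syn": flags_to_decimal(["syn"]),
    "syn+ack": flags_to_decimal(["syn", "ack"]),
    "ack+psh": flags_to_decimal(["ack", "psh"]),
    "syn+urg": flags_to_decimal(["syn", "urg"]),
}

def classify(samples, code=CODE, bitmask=BITMASK):
    """Map each sample label to whether the rule would match its header."""
    return {label: rule_matches(tcp_flag_bits(make_header(f)), code, bitmask)
            for label, f in samples.items()}

if __name__ == "__main__":
    for label, hit in classify(SAMPLES).items():
        print(f"{label:8} -> {'match' if hit else 'no match'}")
```

Bits left out of the bitmask are ignored, so under these assumptions a segment with syn and urg set still matches a rule written for syn without ack.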