Compatible-systems 5.4 Manuel d'utilisateur Page 201
- Page / 313
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Chapter 11 - TCP/IP Filtering 195
This rule would drop all packets with the source host address 192.15.1.10:
deny 192.15.1.10 0.0.0.0
A rule to drop all packets with a source network address of 192.15.1.0. All
packets from hosts on that network would be denied:
deny 192.15.1.0/24 0.0.0.0
IP Packet Filter Rule Set Examples
The rule set below allows only inbound and outbound mail from 192.15.14.1.
The input-filter:
permit 0.0.0.0 192.15.14.1 TCP src >= 1024 dst = 25
permit 0.0.0.0 192.15.14.1 TCP src = 25 dst >= 1024
The output-filter:
permit 192.15.14.1 0.0.0.0 TCP src = 25 dst >= 1024
permit 192.15.14.1 0.0.0.0 TCP src >= 1024 dst = 25
These sets of rules are intended to filter out all traffic and only allow
incoming and outgoing mail to a server inside a net with an IP address of
192.15.14.1. However they aren’t enough to prevent access from someone
outside using source port 25. This is because a connection to destination ports
greater than 1024 can be initiated according to the second rule in the input
filter. To prevent this from happening, add the est keyword to the second rule
in the input filter:
permit 0.0.0.0 192.15.14.1 TCP src = 25 dst >= 1024 est
The est keyword in this rule tells the device to only accept TCP packets on
the input to this interface when the connection has already been established.
A TCP packet which is attempting to initiate a connection will have only the
“SYN” flag set. If someone tries to establish a connection from the outside
using source port 25, the rule won’t match (no permit will occur). The
connection can’t be established since the packet will be dropped by the
default rule.
- CompatiView 5.4 1
- Reference Guide 1
- Table of Contents iii 3
- Chapter 9 - Bridging 149 4
- Chapter 14 - General 219 5
- Chapter 15 - OSPF 255 6
- Chapter 16 - BGP 263 6
- Appendices 277 6
- Chapter 1 - Installation and 7
- Overview 7
- About this Manual 8
- The File Menu 12
- The Database Menu 15
- The Control Menu 18
- The Output Window 20
- The Statistics Menu 20
- The Command Line Edit Box 23
- The View menu 24
- The Window Menu 25
- > IP Routing/Bridging/Off 27
- > IP Address 28
- > Network IP Subnet Mask 28
- > Routing Protocol 29
- > Numbered Interface 33
- > Update Method 35
- > IP Routing/Off 44
- IP Subinterface Dialog Box 48
- IP Connection Dialog Box 49
- IP Static Routing Dialog Box 51
- > Destination 52
- > Mask 52
- > Gateway 52
- > Metric 53
- > Redistribute via 53
- Ethernet IP Options 54
- Bridge IP Options 54
- WAN IP Options 56
- TCP/IP Routing Options 58
- IP Route Redistribution 59
- IPX Ethernet Frame Types 63
- > IPX Routing/Bridging/Off 64
- IPX Frame Types 74
- > IPX Routing/Off 75
- Bridging 77
- Dialog Box 88
- > Phase 1 Routing/Off 90
- > Phase 2 Routing/Off 92
- NBP Filtering 94
- > Area 98
- > Node 98
- > DECnet On/Bridging/Off 101
- Chapter 6 - VPN Ports and 103
- LAN-to-LAN Tunnels 103
- > Partner Address 104
- > Bind To Interface 104
- IKE Key Management 105
- > Perfect Forward Secrecy 106
- Manual Key Management 108
- Local and Peer Settings 110
- > Current VPN Group 116
- > New 116
- > Bind To 116
- > Save Secrets 119
- > Encryption Method 120
- > Start IP Address 121
- > Local IP Net 122
- > Allow Connections To 123
- > Add 123
- > Input Filters 124
- > Output Filters 124
- > Local IPX Net 125
- > Name 132
- > VPN Group 132
- IKE Policy 133
- IPSec Gateway Dialog Box 134
- Configuration 137
- ECURITY POLICY 144
- Firewall Logging Dialog Box 149
- Firewall Settings Dialog Box 152
- Chapter 9 - Bridging 155
- > Bridge On 156
- > Bridging On 159
- > WAN On 161
- > Link Type 162
- > Backup Enable Timer 167
- > Backup Disable Timer 167
- > Maintenance Protocol 168
- > Polling Frequency 169
- DLCI Database Dialog Box 170
- > DLCI # 171
- CHAP Configuration Dialog Box 172
- PAP Configuration Dialog Box 174
- SMDS Dialog Box 176
- PPP Options Dialog Box 177
- > Echo Packets On 178
- Multilink PPP Dialog Box 180
- > MPPP Bundle Name 181
- > Enable 181
- > Linked Ports 181
- > Set as Primary 181
- > Remote Name 188
- > Password/Secret 188
- > Interfaces 188
- Chapter 11 - TCP/IP Filtering 189
- TCP/IP Filter Editor Window 190
- TCP/IP Route Filter Rules 191
- TCP/IP Packet Filter Rules 194
- OMMON UDP AND TCP PORTS: 197
- TCP (6) UDP (17) 198
- ICMP (1) GRE (47) 198
- AH (51) OSPF (89) 198
- ESP (50) 198
- Chapter 12 - IPX Filtering 203
- IPX Filter Editor Window 204
- IPX Packet Filter Rules 205
- IPX Route Filter Rules 208
- IPX SAP Filter Rules 211
- Output Filters 216
- AppleTalk Packet Filter Rules 218
- Chapter 14 - General 225
- > Clock Scheme 227
- > Framing 228
- > Line Encoding 228
- > Channel Data Rate 229
- > Device Name 233
- > Password 233
- > Confirm Password 233
- > Enable Password 233
- > Confirm Enable Password 233
- SNMP Configuration 234
- > SNMP Enabled 235
- > Sets Enabled 235
- > Traps Enabled 235
- > Primary DNS Server 238
- Time Server Dialog Box 239
- Chapter 14 - General 235 241
- > Primary Server Retries 243
- > Enable SecurID 245
- > Primary Server 246
- NAT Configuration Dialog Box 247
- > Internal Range 248
- NAT Range Dialog Box 250
- NAT Mapping Dialog Box 251
- [ NAT Mapping ] 252
- 10.5.3.20 -> 198.41.9.194 252
- > Logging On 253
- LDAP Configuration 255
- 254 Chapter 14 - General 260
- Chapter 15 - OSPF 261
- OSPF Area 263
- OSPF Virtual Link 266
- Chapter 16 - BGP 269
- BGP Aggregates Dialog Box 270
- BGP Peer Configs Dialog Box 271
- IP Loopback Dialog Box 273
- BGP Peers Dialog Box 274
- BGP Route Mapping Rules 277
- or out 278
- BGP Networks 280
- 276 Chapter 16 - BGP 282
- Appendices 283
- LASS SUBNET MASK 284
- UBNET MASK HOST RANGES 285
- AppleTalk 101 290
- Bridging 101 293
- A -> Port 0 295
- B -> Port 1 295
- C -> Port 1 295
- Frame Relay 101 297
- Numerics 301
Produits connexes et manuels pour Matériel Compatible-systems 5.4
(44 pages)© 2020, manymanuals.fr. Tous droits réservés | 0.502 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels