User guide

Chapter 3: Accessing the ACS 6000 Console Server via the Web Manager

Only the policy can be edited for a default chain; default chain policy options are ACCEPT and DROP.

When a chain is added, only a named entry for the chain is created. One or more rules must be configured for a chain after it is added.

Configuring the firewall

For each rule, an action (either ACCEPT, DROP, RETURN, LOG or REJECT) must be selected from the Target pull-down menu. The selected action is performed on an IP packet that matches all the criteria specified in the rule.

If LOG is selected from the Target pull-down menu, the administrator can configure a Log Level, a Log Prefix and whether the TCP sequence, TCP options and IP options are logged in the Log Options Section.

If REJECT is selected from the Target pull-down menu, the administrator can select an option from the Reject with pull-down menu; the packet is dropped and a reply packet of the selected type is sent.

Protocol options

Different fields are activated for each option in the Protocol pull-down menu.

If Numeric is selected from the Protocol menu, enter a Protocol Number in the text field.

If TCP is selected from the Protocol menu, a TCP Options Section is activated for entering source and destination ports and TCP flags.

If UDP is selected from the Protocol menu, the UDP section is activated for entering source and destination ports.

If ICMP is selected from the Protocol menu, the ICMP Type pull-down menu is activated.

If an administrator enters the Ethernet interface (eth0 or eth1) in the input or output interface fields and selects an option (2nd and further packets, All packets and fragments or Unfragmented packets and 1st packets) from the Fragments pull-down menu, the target action is performed on packets from or to the specified interface if they meet the criteria in the selected Fragments menu option.

Table 3.3: Firewall Configuration - TCP and UDP Options Fields

| Field/Menu Option | Definition |
| --- | --- |
| Source Port - or - Destination Port | A single IP address or a range of IP addresses. |
| TCP Flags | [TCP only] SYN (synchronize), ACK (acknowledge), FIN (finish), RST (reset), URG (urgent) and PSH (push). The conditions in the pull-down menu for each flag are: Any, Set or Unset. |
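
The following added example, which is not part of this guide or of the appliance's software, renders the rule fields described above as an equivalent Linux iptables command line, showing in particular how the Any/Set/Unset condition on each TCP flag becomes a --tcp-flags mask and comparison list. It assumes the fields correspond to standard iptables options, which the guide does not state; the dictionary keys and function names are hypothetical.

```python
import shlex

FLAG_ORDER = ["SYN", "ACK", "FIN", "RST", "URG", "PSH"]
TARGETS = {"ACCEPT", "DROP", "RETURN", "LOG", "REJECT"}
FRAGMENTS = {  # Fragments menu option -> iptables fragment match (assumed mapping)
    "All packets and fragments": [],
    "2nd and further packets": ["-f"],
    "Unfragmented packets and 1st packets": ["!", "-f"],
}

def _opts(rule, pairs):  # emit 'option value' for each field that is filled in
    return [x for key, opt in pairs if rule.get(key) for x in (opt, str(rule[key]))]

def tcp_flags_args(flags):
    """flags: name -> 'Any' | 'Set' | 'Unset'; 'Any' keeps the flag out of the mask."""
    if any(f not in FLAG_ORDER or s not in ("Any", "Set", "Unset") for f, s in flags.items()):
        raise ValueError("unknown TCP flag or condition")
    mask = [f for f in FLAG_ORDER if flags.get(f, "Any") != "Any"]  # flags examined
    comp = [f for f in mask if flags[f] == "Set"]  # examined flags that must be set
    return ["--tcp-flags", ",".join(mask), ",".join(comp) or "NONE"] if mask else []

def rule_to_iptables(chain, rule):
    """rule: dict whose keys are hypothetical names for the Web Manager fields."""
    target, proto = rule["target"], str(rule.get("protocol", ""))
    if target not in TARGETS:
        raise ValueError(f"unsupported target: {target}")
    args = ["iptables", "-A", chain] + _opts(rule, (("in_iface", "-i"), ("out_iface", "-o")))
    args += ["-p", proto.lower()] if proto else []  # TCP, UDP, ICMP or a protocol number
    args += FRAGMENTS[rule.get("fragments", "All packets and fragments")]
    if proto in ("TCP", "UDP"):
        args += _opts(rule, (("sport", "--sport"), ("dport", "--dport")))
    if proto == "TCP":
        args += tcp_flags_args(rule.get("tcp_flags", {}))
    args += ["-j", target]
    if target == "LOG":
        args += _opts(rule, (("log_level", "--log-level"), ("log_prefix", "--log-prefix")))
        args += ["--" + k.replace("_", "-") for k in
                 ("log_tcp_sequence", "log_tcp_options", "log_ip_options") if rule.get(k)]
    elif target == "REJECT":
        args += _opts(rule, (("reject_with", "--reject-with"),))
    return args

# Constructed sample: log SYN-only TCP packets arriving on eth0 for port 22.
SAMPLE = {"target": "LOG", "protocol": "TCP", "in_iface": "eth0", "dport": 22,
          "tcp_flags": {"SYN": "Set", "ACK": "Unset", "FIN": "Unset", "RST": "Unset"},
          "log_level": "warning", "log_prefix": "SSH-SYN ", "log_tcp_options": True}

if __name__ == "__main__":
    print(shlex.join(rule_to_iptables("INPUT", SAMPLE)))
```

A flag left at Any is omitted from the mask, so its value never affects the match; a flag marked Unset is in the mask but not in the comparison list.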