Operation Manual
SFX SERIES USER’S GUIDE
Rev 2.2 65
Figure 2-36 Edit Firewall Table Page
The following fields can be edited on the Edit Filtering Table page:
Edit Field
    Description

!
    Clicking on the “not” (!) check box negates the logic for the immediate edit field to the right of the
    check box. For example, !192.168.0.199 for the Source IP would mean all IP packets whose
    source IP address is not 192.168.0.199.

Source IP
    Enter a source IP address in dotted decimal notation here if you wish to filter IP packets on
    their source IP address.

Port
    Enter a TCP or UDP port number in either of the two port fields (Source IP, Destination IP), if you
    wish. If a port is specified, you must select a specific protocol (TCP or UDP).

Destination IP
    Enter a destination IP address in dotted decimal notation here if you wish to filter IP packets on
    their destination IP address.

Chain
    Select the Input or Output Chain. You can have 25 rules for the input chain and 25 rules for the
    output chain.

Protocol
    Enter the IP packet protocol. Options are All Protocols (default), UDP/IP Protocol, or TCP/IP
    Protocol. If port numbers are specified in a rule, you must select UDP or TCP.

Action
    Select an action to be taken for the firewall operation. The three selections are:
    ACCEPT – accept the packet and continue processing and output.
    REJECT – throw away the packet, but send an ICMP Destination Unreachable message back
    on the originating host network interface. This is useful for packets originating on eth0 and eth1. If
    the packets originated on the sat0 interface, the ICMP message will be thrown away.
    DROP – throw away the packet.

Options
    This field is available for “power users” who wish to enter additional iptables options. Care
    must be taken in doing so, and the order in which options are entered may matter. Some combinations may
    not be possible. Consult the Linux iptables manual or tutorial for more information.
NOTE: The Source IP/Port and Destination IP/Port fields are optional, and “Any” is the implied default value.
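
How the fields above could translate into an iptables rule, with the manual's constraints checked first. This is an added example, not taken from the manual or the unit's firmware: the function name build_rule, its parameter names, a "not" check box on every IP and port field, and the use of -A to append are assumptions, while the iptables flags are the standard ones.

```python
import ipaddress

# Form selections as named in the manual, mapped to iptables tokens.
CHAINS = {"Input": "INPUT", "Output": "OUTPUT"}
PROTOCOLS = {"All Protocols": None, "UDP/IP Protocol": "udp", "TCP/IP Protocol": "tcp"}
ACTIONS = ("ACCEPT", "REJECT", "DROP")
MAX_RULES_PER_CHAIN = 25  # limit stated in the manual
# (form field, iptables flag); the field names are assumptions of this example.
MATCHES = (("src_ip", "-s"), ("src_port", "--sport"),
           ("dst_ip", "-d"), ("dst_port", "--dport"))


def build_rule(chain, action, protocol="All Protocols", negate=(),
               existing_rules=0, **fields):
    """Translate one Edit Firewall Table entry into an iptables argument list.

    fields: any of src_ip, src_port, dst_ip, dst_port; omitted means "Any".
    negate: names of the fields whose "not" (!) check box is ticked.
    existing_rules: number of rules already defined for this chain.
    """
    if chain not in CHAINS or action not in ACTIONS or protocol not in PROTOCOLS:
        raise ValueError("unknown chain, action or protocol selection")
    if existing_rules >= MAX_RULES_PER_CHAIN:
        raise ValueError(f"{chain} chain already holds {MAX_RULES_PER_CHAIN} rules")
    unknown = set(fields) - {name for name, _ in MATCHES}
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    proto = PROTOCOLS[protocol]
    if proto is None and ("src_port" in fields or "dst_port" in fields):
        raise ValueError("a port requires the TCP or UDP protocol")
    args = ["iptables", "-A", CHAINS[chain]]
    if proto:
        args += ["-p", proto]  # must come before --sport/--dport
    for name, flag in MATCHES:
        if name not in fields:
            continue  # field left empty: matches any value
        value = str(fields[name])
        if name.endswith("_ip"):
            ipaddress.IPv4Address(value)  # raises ValueError unless dotted decimal
        elif not 0 <= int(value) <= 65535:
            raise ValueError(f"{name} out of range: {value}")
        args += (["!"] if name in negate else []) + [flag, value]
    return args + ["-j", action]


if __name__ == "__main__":
    # Constructed entry: the manual's !192.168.0.199 source example, dropped on input.
    print(" ".join(build_rule("Input", "DROP", src_ip="192.168.0.199", negate={"src_ip"})))
```

Text typed into the Options field is not covered here; anything entered there reaches iptables outside these checks, which is why the manual asks for care with it.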










