User guide

Chapter 5: Using the Web Interface
Creating Firewall Rules
Firewall rules determine whether to accept or discard traffic intended for
Dominion PX, based on the IP address of the host sending the traffic.
When creating firewall rules, keep these principles in mind:
- Rule order is important.
  When traffic reaches the Dominion PX device, the rules are executed
  in numerical order. Only the first rule that matches the IP address
  determines whether the traffic is accepted or discarded. Any
  subsequent rules matching the IP address are ignored by Dominion
  PX.
- Subnet mask may be required.
  When typing the IP address, you may or may not need to specify
  BOTH the address and a subnet mask. The default subnet mask is /32
  (that is, 255.255.255.255). You must specify a subnet mask only when
  it is not the same as the default. For example, to specify a single
  address in a Class C network, use this format:
      x.x.x.x/24
  where /24 = a subnet mask of 255.255.255.0.
  To specify an entire subnet or range of addresses, change the subnet
  mask accordingly.
Note: Valid IP addresses range from 0.0.0.0 through 255.255.255.255.
Make sure the IP addresses you enter are within this range.
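
The first-match behaviour and the default /32 mask described above can be checked offline before a rule list is typed into the dialog. The following Python sketch is an added example, not Dominion PX code: it evaluates a constructed rule list the way the guide describes and reports rules that can never match because an earlier rule already covers them. The function names, the sample rules and the policy applied when no rule matches are assumptions.

```python
import ipaddress

def parse_rule(ip_mask, policy):
    """Parse an IP/Mask entry; a bare address gets the default /32 mask."""
    # strict=False accepts x.x.x.x/24 with host bits set, as in the guide's format.
    # Addresses outside 0.0.0.0-255.255.255.255 raise ValueError.
    return ipaddress.IPv4Network(ip_mask, strict=False), policy

def evaluate(rules, source_ip, default="Accept"):
    """Return (rule_number, policy) of the first rule matching source_ip."""
    addr = ipaddress.IPv4Address(source_ip)
    for number, (network, policy) in enumerate(rules, start=1):
        if addr in network:
            return number, policy  # later matching rules are ignored
    return None, default           # assumption: policy when nothing matches

def shadowed(rules):
    """List (later, earlier) rule numbers where the later rule can never match."""
    hits = []
    for j, (net_j, _) in enumerate(rules):
        for i, (net_i, _) in enumerate(rules[:j]):
            if net_j.subnet_of(net_i):  # every address in j is caught by i first
                hits.append((j + 1, i + 1))
                break
    return hits

# Constructed rule list using documentation address ranges
RULES = [
    parse_rule("192.0.2.0/24", "Drop"),
    parse_rule("192.0.2.10", "Accept"),       # default /32; shadowed by rule 1
    parse_rule("198.51.100.7", "Accept"),     # specific host before its subnet
    parse_rule("198.51.100.0/24", "Reject"),
]

if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.7", "198.51.100.8", "203.0.113.1"):
        print(src, evaluate(RULES, src))
    print("shadowed (later, earlier):", shadowed(RULES))
```

Rule 2 is reported as shadowed: the host it is meant to accept is dropped by rule 1, which is the ordering mistake the first principle warns about.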
To create firewall rules:
1. Choose Device Settings > Security > IP Access Control. The
Configure IP Access Control Settings dialog appears.
2. Ensure the Enable IP Access Control checkbox is selected.
3. Create specific rules. See the table for different operations.
Action: Add a rule to the end of the rules list
Procedure:
- Click Append. The "Append new Rule" dialog appears.
- Type an IP address and subnet mask in the IP/Mask field.
- Select Accept, Drop or Reject from the drop-down list in the Policy field.
  - Accept: Accepts traffic from the specified IP address(es).
  - Drop: Discards traffic from the specified IP address(es), without
    sending any failure notification to the source host.
  - Reject: Discards traffic from the specified IP address(es), and an
    ICMP message is sent to the source host for failure notification.