IP Filter Rule Settings
| Setting | Description |
|---|---|
| IP Rule Number | The number assigned to the IP rule. Rules with lower numbers are evaluated first, so the rule number sequence is very important. |
| Action | PERMIT allows a packet that matches the filter to pass through the interface. DENY prevents a matching packet from passing through the interface. Any packet that is not explicitly permitted by a PERMIT rule is denied, and any packet not explicitly denied by a DENY rule is permitted. |
| Source | An address in the form <IP prefix>/<netmask> that is compared with the source IP address of the packet, for example 192.168.1.0/24. The default 0.0.0.0/0 disables filtering by source address. |
| Destination | An address in the form <IP prefix>/<netmask> that is compared with the destination IP address of the packet, for example 192.168.1.3/32. The default 0.0.0.0/0 disables filtering by destination address. |
| Protocol | Type of protocol whose packets are permitted or denied by this rule: IP, TCP, ICMP, UDP, AH, ESP, or IPIP, or PROTOCOL if the protocol is specified by protocol number. |
| Protocol Number | If PROTOCOL is selected as the protocol to permit or deny, the Internet protocol number as listed in RFC 1700, Assigned Numbers. |
| Source Comparison | Comparison applied to the source port number of the packet: EQ (equal to), LT (less than), or GT (greater than) the number given for Source Port. |
| Source Port | Number to compare the source port number of the packet against. For a table of common TCP and UDP ports, see the PortMaster Configuration Guide. |
| Destination Comparison | Comparison applied to the destination port number of the packet: EQ (equal to), LT (less than), or GT (greater than) the number given for Destination Port. |
| Destination Port | Number to compare the destination port number of the packet against. For a list of UDP and TCP ports, see the PortMaster Configuration Guide. |
| ICMP Message Type | ICMP message type to compare with the ICMP message contained in a packet. |
| Established | If enabled, only packets sent to an established TCP network connection are permitted. |
| Log | If enabled, packets explicitly permitted or denied by the rule are logged by syslog to the loghost. |
| Notify | If enabled, packets explicitly permitted or denied by the rule are logged by syslog to the source of the packet. If you have the ChoiceNet notifier installed, a notification popup appears on your computer. |
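The matching logic these settings describe (rule number ordering, prefix/netmask comparison, protocol, EQ/LT/GT port tests, the Established flag), as an added example that is not taken from the PortMaster documentation or firmware. Denying a packet that matches no rule is an assumption made here, and the Packet fields are constructed stand-ins for what the filter reads from a real packet.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import operator

OPS = {"EQ": operator.eq, "LT": operator.lt, "GT": operator.gt}  # page's comparison names

@dataclass
class Rule:
    number: int                    # IP Rule Number: lower numbers are evaluated first
    action: str                    # PERMIT or DENY
    source: str = "0.0.0.0/0"      # <IP prefix>/<netmask>; 0.0.0.0/0 disables the check
    destination: str = "0.0.0.0/0"
    protocol: str = "IP"           # IP matches any protocol; else TCP, UDP, ICMP, ...
    src_cmp: str = None            # Source Comparison (EQ/LT/GT) against src_port
    src_port: int = None
    dst_cmp: str = None            # Destination Comparison against dst_port
    dst_port: int = None
    established: bool = False      # only packets to an established TCP connection

@dataclass
class Packet:
    src: str
    dst: str
    protocol: str
    src_port: int = None
    dst_port: int = None
    established: bool = False      # constructed flag standing in for the TCP state check

def matches(rule, pkt):
    """True if every enabled field of the rule agrees with the packet."""
    if ip_address(pkt.src) not in ip_network(rule.source):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.destination):
        return False
    if rule.protocol != "IP" and rule.protocol != pkt.protocol:
        return False
    if rule.src_cmp and not OPS[rule.src_cmp](pkt.src_port, rule.src_port):
        return False
    if rule.dst_cmp and not OPS[rule.dst_cmp](pkt.dst_port, rule.dst_port):
        return False
    if rule.established and not pkt.established:
        return False
    return True

def evaluate(rules, pkt):
    """First matching rule in number order decides; no match -> DENY (assumption)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.action, rule.number
    return "DENY", None
```

Swapping the numbers of a DENY rule and a broader PERMIT rule changes the verdict, which is the ordering point the IP Rule Number row makes.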