IP Filter Rule Settings

IP Rule Number

The number assigned to the IP rule. Rules are evaluated in ascending numeric order, and the first rule that matches a packet decides what happens to it, so the numbering sequence is very important: a broad rule with a low number shadows any narrower rule numbered after it, and the later rule never fires.

Action

PERMIT allows a packet that matches the rule to pass through the interface; DENY prevents the packet from passing through the interface. A packet that matches no rule in the filter is denied, so every kind of traffic the filter is meant to pass must be explicitly permitted by a PERMIT rule.

Source

An address in the form <IP prefix>/<netmask> to compare with the source IP address of the packet---for example, 192.168.1.0/24. The default 0.0.0.0/0 disables filtering by source address.

Destination

An address in the form <IP prefix>/<netmask> to compare with the destination IP address of the packet---for example, 192.168.1.3/32 (a /32 netmask matches a single host). The default 0.0.0.0/0 disables filtering by destination address.

Protocol

Type of protocol whose packets are permitted or denied with this rule---IP, TCP, ICMP, UDP, AH, ESP, or IPIP ---or PROTOCOL if a protocol is specified by protocol number.

Protocol Number

If PROTOCOL is selected as the protocol to permit or deny, the Internet protocol number to match, as listed in RFC 1700, Assigned Numbers (the current list is the IANA Protocol Numbers registry, which superseded RFC 1700).

Source Comparison

Comparison applied to the source port number of the packet: EQ (equal to), LT (less than), or GT (greater than) the number given for Source Port.

Source Port

Number to compare the source port number of the packet to. For a table of common TCP and UDP ports, see the PortMaster Configuration Guide.

Destination Comparison

Comparison applied to the destination port number of the packet: EQ (equal to), LT (less than), or GT (greater than) the number given for Destination Port.

Destination Port

Number to compare the destination port number of the packet to. For a list of UDP and TCP Ports, see the PortMaster Configuration Guide.

ICMP Message Type

ICMP message type (for example, 8 for echo request) to compare with the type field of an ICMP message contained in the packet. Applies only when the protocol is ICMP.

Established

If enabled, only TCP packets that belong to an already established connection are permitted by this rule, which is the usual way to admit replies to connections opened from the inside while rejecting new inbound connection attempts. The filter keeps no connection state: "established" is judged from the TCP header flags of the individual packet (the ACK bit), so a forged packet with ACK set will also match.

Log

If enabled, packets explicitly permitted or denied by the rule are logged by syslog to the loghost.

Notify

If enabled, packets explicitly permitted or denied by the rule are logged by syslog to the source of the packet. If you have the ChoiceNet notifier installed, a notification popup appears on your computer.
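The following Python model is an added example, not code from the PortMaster or ChoiceNet product: it implements the rule semantics described on this page (first match in rule-number order, implicit deny when nothing matches, prefix/netmask address tests, protocol and port comparisons, ICMP type, Established, Log) and runs constructed packets through a constructed five-rule filter. The rule and packet field names are assumptions made for the example, and the model assumes Established is decided solely from the TCP ACK bit. It shows a shadowed DENY rule that never fires because a broader PERMIT has a lower number, and a forged ACK packet slipping through an Established rule.

```python
import dataclasses
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Protocol numbers for the named protocols the rule editor offers.
PROTO_NUMBERS = {"icmp": 1, "ipip": 4, "tcp": 6, "udp": 17, "esp": 50, "ah": 51}


@dataclass
class Rule:
    """One IP filter rule; field names mirror the settings on this page (assumed model)."""
    number: int
    action: str                          # "permit" or "deny"
    src: str = "0.0.0.0/0"               # <IP prefix>/<netmask>; 0.0.0.0/0 = any
    dst: str = "0.0.0.0/0"
    protocol: str = "ip"                 # ip, tcp, udp, icmp, ah, esp, ipip, or protocol
    protocol_number: Optional[int] = None  # used only when protocol == "protocol"
    src_cmp: Optional[str] = None        # eq, lt, gt (Source Comparison)
    src_port: Optional[int] = None
    dst_cmp: Optional[str] = None        # eq, lt, gt (Destination Comparison)
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None
    established: bool = False
    log: bool = False


@dataclass
class Packet:
    """Only the header fields the filter inspects (constructed for the example)."""
    src: str
    dst: str
    protocol: int                        # IP protocol number
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None
    ack: bool = False                    # TCP ACK flag; assumed basis of Established


def _port_ok(cmp: Optional[str], want: Optional[int], have: Optional[int]) -> bool:
    if cmp is None:
        return True                      # rule does not test this port
    if have is None:
        return False                     # rule tests a port but packet has none (e.g. ICMP)
    return {"eq": have == want, "lt": have < want, "gt": have > want}[cmp]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src, strict=False):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst, strict=False):
        return False
    if rule.protocol != "ip":            # "ip" matches every protocol
        want = rule.protocol_number if rule.protocol == "protocol" else PROTO_NUMBERS[rule.protocol]
        if pkt.protocol != want:
            return False
    if not _port_ok(rule.src_cmp, rule.src_port, pkt.src_port):
        return False
    if not _port_ok(rule.dst_cmp, rule.dst_port, pkt.dst_port):
        return False
    if rule.icmp_type is not None and pkt.icmp_type != rule.icmp_type:
        return False
    # Stateless Established check: the ACK bit alone decides, so a forged packet
    # carrying ACK also satisfies it (assumption about the mechanism).
    if rule.established and not (pkt.protocol == PROTO_NUMBERS["tcp"] and pkt.ack):
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int], bool]:
    """Lowest-numbered matching rule decides; returns (action, rule number, logged).
    A packet matching no rule is denied implicitly and is not logged."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, pkt):
            return rule.action, rule.number, rule.log
    return "deny", None, False


# Constructed inbound filter in front of 192.168.1.0/24 with a mail host at .3.
FILTER = [
    Rule(1, "permit", dst="192.168.1.3/32", protocol="tcp", dst_cmp="eq", dst_port=25),
    Rule(2, "permit", protocol="tcp", established=True),
    Rule(3, "permit", dst="192.168.1.3/32", protocol="icmp", icmp_type=8),
    # Shadowed: rule 1 already permits this traffic, so rule 4 never fires.
    Rule(4, "deny", src="10.0.0.0/8", dst="192.168.1.3/32", protocol="tcp",
         dst_cmp="eq", dst_port=25, log=True),
    Rule(5, "deny", protocol="udp", dst_cmp="lt", dst_port=1024, log=True),
]
# Same filter with the deny renumbered ahead of the permit it was meant to override.
FIXED_FILTER = [dataclasses.replace(FILTER[3], number=0)] + FILTER[:3] + FILTER[4:]

# Constructed packets.
SMTP_FROM_10 = Packet("10.1.2.3", "192.168.1.3", 6, 40000, 25)          # new SMTP connection, no ACK
DNS_QUERY = Packet("203.0.113.9", "192.168.1.3", 17, 5353, 53)           # UDP to a low port
UDP_HIGH = Packet("203.0.113.9", "192.168.1.3", 17, 5353, 5000)          # matches nothing
FORGED_ACK = Packet("203.0.113.9", "192.168.1.7", 6, 12345, 80, ack=True)  # ACK set, no real connection
PING = Packet("203.0.113.9", "192.168.1.3", 1, icmp_type=8)

if __name__ == "__main__":
    for name, pkt in [("smtp", SMTP_FROM_10), ("dns", DNS_QUERY), ("udp5000", UDP_HIGH),
                      ("forged-ack", FORGED_ACK), ("ping", PING)]:
        print(name, evaluate(FILTER, pkt))
    print("smtp with deny renumbered first", evaluate(FIXED_FILTER, SMTP_FROM_10))
```

Running it shows the SMTP packet from 10.1.2.3 permitted by rule 1 despite the DENY at rule 4, and denied (and logged) only once the deny is renumbered ahead of the permit; the UDP packet to port 5000 is dropped by the implicit deny, which produces no log entry, whereas the DNS query is dropped by the explicit, logged rule 5.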