Source IP and Mask
Destination IP and Mask If you specify a source IP, incoming packets are filtered for the specified IP address. If you specify a destination IP, outgoing packets are filtered for the specified IP address.If you fill in a source or destination mask, incoming or outgoing packets are filtered for IP addresses from the subnetwork in the specified netmask. You can select a protocol for filtering from one of the following options:
• The input interface (ethN) used by the incoming packet. The output interface (ethN) used by the outgoing packet. You can flag any of the above elements with inverted so that the target action is performed on packets that do not match any of the criteria specified in that line. For example, if you select DROP as the target action, specify “Inverted” for a source IP address, and do not specify any other criteria in the rule, any packets arriving from any other source IP address than the one specified are dropped.If you select Numeric as the protocol when specifying a rule, you need to specify the desired number.If you select TCP as the protocol when specifying a rule, you can define the following options.
You can specify a source or destination port number for filtering in the “Source Port” or “Destination Port” field. You can also specify a range so that TCP packets are filtered for any port number within the range. Specifying any of the flags: “SYN” (synchronize), “ACK” (acknowledge), “FIN” (finish), “RST” (reset), “URG ” (urgent), “PSH” (push), and one of the “Any,” “Set,” or “Unset” conditions, filters TCP packets for the specified flag and the selected condition.When you select UDP as a protocol when specifying a rule, you can select the UDP options defined in the following table.
Specify a source or destination port number for filtering in the “Source Port” or “Destination Port” field.You can specify a source or destination port number for filtering in the “Source Port” field. You can also specify a second number so that UDP packets are filtered for any port number within the range.When you select ICMP as a protocol when specifying a rule, you can select the following ICMP options.
•
• The “Target” is the action to be performed on an IP packet that matches all the criteria specified in a rule. The target actions are:
•
•
•
•
•
The following table has links to the procedures for defining packet filtering using the Web Manager.