Add rule and edit rule options
When you add or edit a rule, you can define any of the options described in the following table.
Source IP and Mask
Destination IP and Mask
The input interface (ethN) used by the incoming packet.
The output interface (ethN) used by the outgoing packet.
Flag any of the above elements with Inverted to perform the target action on packets that do not match the criterion specified in that line. For example, if you select DROP as the target action, specify Inverted for a source IP address, and do not specify any other criteria in the rule, any packet arriving from a source IP address other than the one specified is dropped.
Numeric protocol options
If you select Numeric as the protocol when specifying a rule, you need to specify the desired number.
TCP protocol options
If you select TCP as the protocol when specifying a rule, you can define the following options.
Specify a source or destination port number for filtering. Specify a range to filter TCP packets for any port number within the range.
Specify any of the flags: SYN (synchronize), ACK (acknowledge), FIN (finish), RST (reset), URG (urgent), PSH (push) and one of the Any, Set, or Unset conditions to filter TCP packets for the specified flag and selected condition.
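The following added example (not part of the original documentation or the product's code) models how the Inverted flag on a source IP and the TCP port-range and flag conditions described above decide whether a rule matches. The `Rule` class, the `matches` and `decide` functions, the first-match-wins evaluation order, the default ACCEPT outcome, and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

@dataclass
class Rule:
    target: str                                  # action for matching packets
    src: Optional[str] = None                    # "IP/mask"; None = not specified
    src_inverted: bool = False                   # the Inverted flag on Source IP
    dport: Optional[Tuple[int, int]] = None      # inclusive destination port range
    flags: Dict[str, str] = field(default_factory=dict)  # flag -> Any/Set/Unset

def matches(rule: Rule, pkt: dict) -> bool:
    """True only if the packet satisfies every criterion the rule specifies."""
    if rule.src is not None:
        net = ipaddress.ip_network(rule.src, strict=False)
        in_net = ipaddress.ip_address(pkt["src"]) in net
        if in_net == rule.src_inverted:          # Inverted flips the comparison
            return False
    if rule.dport is not None:
        low, high = rule.dport
        if not low <= pkt["dport"] <= high:
            return False
    for flag, cond in rule.flags.items():
        is_set = flag in pkt["flags"]
        if (cond == "Set" and not is_set) or (cond == "Unset" and is_set):
            return False                         # "Any" never excludes a packet
    return True

def decide(rules, pkt, default="ACCEPT"):
    """Assumption: rules are checked in order, first match wins, else default."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.target
    return default

# Constructed sample rules (documentation address ranges, hypothetical names).
ONLY_ADMIN = [Rule("DROP", src="192.0.2.10/255.255.255.255", src_inverted=True)]
NO_NEW_LOW_PORTS = [Rule("DROP", dport=(1, 1023), flags={"SYN": "Set", "ACK": "Unset"})]

if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.7"):
        pkt = {"src": src, "dport": 22, "flags": {"ACK"}}
        print(src, decide(ONLY_ADMIN, pkt))
    for flags in ({"SYN"}, {"SYN", "ACK"}):
        pkt = {"src": "198.51.100.7", "dport": 22, "flags": flags}
        print(sorted(flags), decide(NO_NEW_LOW_PORTS, pkt))
```

The first rule set reproduces the DROP-with-Inverted example: only the specified source escapes the rule. The second shows that a flag condition of Set or Unset narrows the match, while a flag left at Any has no effect.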
UDP protocol options
If you select UDP as the protocol when specifying a rule, you can define the UDP options. Choose either the Source or Destination Port from the field, as defined above.
ICMP protocol options
If you select ICMP as the protocol when specifying a rule, you can select the ICMP options available on the display.
Target actions
The Target is the action to be performed on an IP packet that matches all the criteria specified in a rule.
NOTE: If the LOG and REJECT targets are selected, additional options are available.
For detailed information on LOG target options, see LOG target.
For detailed information on REJECT target options, see REJECT target.