Introduction > Packet Filtering on the OnSite > Add Rule and Edit Rule Options

Add Rule and Edit Rule Options
When you add or edit a rule you can define any of the options described in the following table.
Source IP and Mask
Destination IP and Mask
 
If you specify a source IP, incoming packets are filtered for the specified IP address. If you specify a destination IP, outgoing packets are filtered for the specified IP address.
If you fill in a source or destination mask, incoming or outgoing packets are filtered for IP addresses in the subnetwork defined by the specified netmask.
The input interface (ethN) used by the incoming packet.
The output interface (ethN) used by the outgoing packet.
You can flag any of the above elements as “Inverted” so that the target action is performed on packets that do not match the criteria specified in that line. For example, if you select DROP as the target action, specify “Inverted” for a source IP address, and do not specify any other criteria in the rule, packets arriving from any source IP address other than the one specified are dropped.
Numeric Protocol Options
If you select Numeric as the protocol when specifying a rule, you need to specify the desired number.
TCP Protocol Options
If you select TCP as the protocol when specifying a rule, you can define the following options.
Source Port
- OR -
Destination Port
You can specify a source or destination port number for filtering in the “Source Port” or “Destination Port” field. You can also specify a second number, so that TCP packets are filtered for any port number within the range starting with the first number and ending with the second.
Specifying any of the flags: “SYN” (synchronize), “ACK” (acknowledge), “FIN” (finish), “RST” (reset), “URG” (urgent) or “PSH” (push), and one of the “Any,” “Set,” or “Unset” conditions, filters TCP packets for the specified flag and the selected condition.
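The following Python model of the matching behavior described above (IP and mask, “Inverted”, TCP port range, flag conditions) is an added example, not OnSite code. The Rule fields, packet dictionaries and addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Tuple

@dataclass
class Rule:
    target: str                                # action for matching packets, e.g. "DROP"
    src: Optional[str] = None                  # "IP" or "IP/mask"
    src_inverted: bool = False
    dst: Optional[str] = None
    dst_inverted: bool = False
    dport: Optional[Tuple[int, int]] = None    # (first, last); one port is (n, n)
    flags: dict = field(default_factory=dict)  # flag -> "Set" | "Unset" | "Any"

def in_subnet(addr: str, spec: str) -> bool:
    # A bare IP is treated as a single host; "IP/mask" selects the subnetwork.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def matches(rule: Rule, pkt: dict) -> bool:
    # Every criterion that is filled in must hold; "Inverted" flips that one criterion.
    if rule.src is not None and in_subnet(pkt["src"], rule.src) == rule.src_inverted:
        return False
    if rule.dst is not None and in_subnet(pkt["dst"], rule.dst) == rule.dst_inverted:
        return False
    if rule.dport is not None and not (rule.dport[0] <= pkt["dport"] <= rule.dport[1]):
        return False
    for flag, cond in rule.flags.items():
        is_set = flag in pkt["flags"]
        if (cond == "Set" and not is_set) or (cond == "Unset" and is_set):
            return False
    return True

def action(rule: Rule, pkt: dict) -> Optional[str]:
    # Target action for this packet, or None when the rule does not match.
    return rule.target if matches(rule, pkt) else None

# Constructed sample packets (documentation address ranges).
ADMIN = {"src": "192.0.2.10", "dst": "203.0.113.5", "dport": 22, "flags": {"SYN"}}
OTHER = {"src": "198.51.100.7", "dst": "203.0.113.5", "dport": 22, "flags": {"SYN"}}
REPLY = {"src": "198.51.100.7", "dst": "203.0.113.5", "dport": 22, "flags": {"SYN", "ACK"}}

# The page's example: DROP with an inverted source IP and no other criteria.
ONLY_ADMIN = Rule(target="DROP", src="192.0.2.10", src_inverted=True)
# SYN set and ACK unset, from a subnet, to any port in the range 20-25.
NEW_CONN = Rule(target="DROP", src="198.51.100.0/255.255.255.0", dport=(20, 25),
                flags={"SYN": "Set", "ACK": "Unset"})

if __name__ == "__main__":
    for name, pkt in (("ADMIN", ADMIN), ("OTHER", OTHER), ("REPLY", REPLY)):
        print(name, action(ONLY_ADMIN, pkt), action(NEW_CONN, pkt))
```

With the inverted rule, only the packet from the listed address escapes DROP; a rule like this placed alone in a filter therefore acts as a single-address allowlist.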
UDP Protocol Options
When you select UDP as a protocol when specifying a rule, you can select the UDP options defined in the following table.
Source Port
- OR -
Destination Port
You can specify a source or destination port number for filtering in the “Source Port” or “Destination Port” field. You can also specify a second number so that UDP packets are filtered for any port number within the range.
ICMP Protocol Options
When you select ICMP as a protocol when specifying a rule, you can select the following ICMP options.
Target Actions
The “Target” is the action to be performed on an IP packet that matches all the criteria specified in a rule. The target actions are:
If the “LOG” and “REJECT” targets are selected, additional options are available.
The following table describes the options for the “LOG” Target.
The following list shows the options for the REJECT Target:
Firewall Configuration Procedures
The following table has links to the procedures for defining packet filtering using the Web Manager.
For information about defining packet filtering in the OSD, see Configure>Network>IP Filtering Screens [OSD].
