PRIMERGY 10GbE Connection Blade 18/8 User Guide
3.12 Configuring IP Filtering
This section describes how to configure IP filtering, which controls packets by a combination of IP address
and port number for network security.
<IP Filtering Condition>
Packet data flow can be controlled by specifying the following parameters in an ACL.
- Source IP Information (IP Address/Address Mask/Port Number)
- Destination IP Information (IP Address/Address Mask/Port Number)
- Protocol
- TOS value, DSCP value of IP packet
<IP Filtering design policy>
There are two approaches to filtering design.
A. Pass the specified packets and reject the others.
B. Reject the specified packets and pass the others.
This chapter explains the following examples of A:
- Pass only packets to access the specified service.
- Pass only packets to the specified server.
It also explains the following examples of B:
- Reject only packets to the specified server.
- Reject only ping to the specified server.
3.12.1 Configuring IP filter
This section describes how to configure an IP filter that passes access to the Web server and the DNS server and
rejects all other access.
<Filtering Design>
Pass access to Web server from 192.168.1.0/24
Pass access to DNS server from 192.168.1.0/24
Pass ICMP packets
Reject the other packets
<Commands>
Pass TCP packets to port 80 of the Web server
(config)#acl 0 ip 192.168.1.0/24 any 6 any
(config)#acl 0 tcp any 80
(config)#lan 0 ip filter 0 pass acl 0
Pass UDP packets to port 53 of the DNS server
(config)#acl 1 ip 192.168.1.0/24 192.168.0.10/32 17 any
(config)#acl 1 udp any 53
(config)#lan 0 ip filter 1 pass acl 1
Pass ICMP packets
(config)#acl 2 ip any any 1 any
(config)#lan 0 ip filter 2 pass acl 2
Reject the other packets
(config)#acl 3 ip any any any
(config)#lan 0 ip filter 3 reject acl 3
Save the configuration
(config)#save
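To check the policy above before applying it, the following added example (not part of the original guide, and not device code) models the four filters in Python and evaluates constructed packets against them. It assumes filters are evaluated in ascending filter number with the first match deciding; the address 192.168.0.20 and the function name evaluate are hypothetical.

```python
import ipaddress

# Model of the four filters in section 3.12.1 (added example, not device code).
# Assumption: filters are evaluated in ascending filter number and the first
# matching ACL decides; a packet matching no filter is treated as rejected here.
# Tuple: (action, source net, destination net, IP protocol, destination port)
FILTERS = [
    ("pass",   "192.168.1.0/24", "0.0.0.0/0",       6,    80),    # filter 0: Web, TCP/80
    ("pass",   "192.168.1.0/24", "192.168.0.10/32", 17,   53),    # filter 1: DNS, UDP/53
    ("pass",   "0.0.0.0/0",      "0.0.0.0/0",       1,    None),  # filter 2: ICMP
    ("reject", "0.0.0.0/0",      "0.0.0.0/0",       None, None),  # filter 3: the rest
]

def evaluate(src, dst, proto, dport=None):
    """Return (filter_number, action) of the first filter matching the packet."""
    for number, (action, src_net, dst_net, f_proto, f_port) in enumerate(FILTERS):
        if ipaddress.ip_address(src) not in ipaddress.ip_network(src_net):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(dst_net):
            continue
        if f_proto is not None and proto != f_proto:
            continue
        if f_port is not None and dport != f_port:
            continue
        return number, action
    return None, "reject"

# Constructed test packets: (description, src, dst, protocol, destination port)
PACKETS = [
    ("client to TCP/80 on any host", "192.168.1.5", "192.168.0.20", 6, 80),
    ("client to TCP/22",             "192.168.1.5", "192.168.0.20", 6, 22),
    ("client to DNS server UDP/53",  "192.168.1.5", "192.168.0.10", 17, 53),
    ("client to other host UDP/53",  "192.168.1.5", "192.168.0.11", 17, 53),
    ("ICMP from outside the subnet", "10.0.0.1",    "192.168.0.10", 1, None),
    ("TCP/80 from outside the subnet", "10.0.0.1",  "192.168.0.20", 6, 80),
]

if __name__ == "__main__":
    for desc, src, dst, proto, dport in PACKETS:
        number, action = evaluate(src, dst, proto, dport)
        print(f"{desc:32} -> filter {number}: {action}")
```

Because acl 0 uses "any" as its destination, TCP port 80 is passed to every host rather than to one Web server, and acl 2 passes ICMP from any source.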