6: Networking
EMG™ Edge Management Gateway User Guide
82
Rule Parameters
3. Click the right arrow
button to add the new rule to the bottom of the Rules list box on the
right. A maximum of 64 rules can be created for each ruleset.
4. To remove a rule from the filter set, highlight that line and click the left
arrow. The rule
populates the rule definition fields, allowing you to make minor changes before reinserting the
rule. To clear the definition fields, click the
Clear
button.
5. To change the order of priority of the rules in the list box, select the rule to move and use the
up
or down
arrow buttons on the right side of the filter list box.
6. To save, click the
Apply
button. The new filter displays in the menu tree.
Note:
To add another new filter rule set, click the
Back to IP Filter
link to return to the
page.
Updating an IP Filter
To update an IP filter rule set:
IP Address(es)
Specify a single IP address to act as a filter.
Example:
172.19.220.64
– this specific IP address only
Subnet Mask
Specify a subnet mask to determine how much of the address should apply to the
filter.
Example:
255.255.255.255
to specify the whole address should apply.
MAC Address
Specify a single MAC address to act as a filter.
Example: 10:7d:1a:33:5c:e1
Protocol
From the drop-down list, select the type of protocol through which the filter will
operate. The default setting is
All
.
Port Range
Enter a range of destination TCP or UDP port numbers to be tested. An entry is
required for TCP, TCP New, TCP Established, and UDP, and is not allowed for
other protocols. Separate multiple ports with commas. Separate ranges of ports by
colons.
Examples:
22 – filter on port 22 only
23,64,80 – filter on ports 23, 64 and 80
23:64,80,143:150 – filter on ports 23 through 64, port 80 and ports 143 through
150
Action
Select whether to
Drop
,
Reject
, or
Allow
communications for the specified IP
address, subnet mask, protocol, and port range. Drop ignores the packet with no
notification. Reject ignores the packet and sends back an error message. Allow
permits the packet through the filter.
Clear
Click the
Clear
button to clear any Rule Parameter information set above.
Generate rule to
allow service
You may wish to “punch holes” in your filter set for a particular protocol or service.
For instance, if you have configured your NIS server and wish to create an opening
in your filter set, select the NIS option and click the
Add Rule
button. This entry
adds a new rule to your filter set using the NIS -configured IP address. Other
services and protocols added automatically generate the necessary rule to allow
their use.