Chapter 6 – RouteFinder Software
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)
Packet Filters > Packet Filter Rules
System Defined Rules
These rules define a set of common application services that are allowed outbound access through the RouteFinder's WAN interface. The software defines a default Service Group called default_outbound. The services under default_outbound are FTP, TELNET, DNS, HTTP, POP3, IMAP, and HTTPS.
Add User Defined Packet Filter Rules
New packet filter rules are created by choosing from four drop-down lists. All services, networks, and groups previously created in Definitions are available for selection. Click Add to create the appropriate rule; it then displays at the bottom of the table. The new rule automatically receives the next available number in the table. The overall effectiveness of the rule is decided by its position in the table. You can move the new rule within the table with the Move function in the Command column.
Important: The order of the rules in the table is essential for the correct functioning of the firewall. By clicking the Move button, the order of execution can be changed. In front of the rule to be moved, enter the line number that indicates where the rule should be placed. Confirm by clicking OK. By default, new rules are created at the end of the table.
From – Select the network from which the information packet must be sent for the rule to match. You can also select network groups. The Any option can also be given which matches all IP addresses, regardless of whether they are officially assigned addresses or so-called private addresses. These network clients or groups must be pre-defined in the Networks menu.
Example: net1 or host1 or Any
Service – Select the service that is to be matched with the rule. These services are pre-defined in the Services menu. With the help of these services, the information traffic to be filtered can be precisely defined. The default entry Any selects all combinations of protocols and parameters (e.g., ports).
Example: SMTP, ANY
To – Select the network to which the data packets are sent for the rule to match. Network groups can also be selected. These network clients or groups must be pre-defined in the Networks menu.
Action – Select the action that is to be performed in the case of a successful matching (applicable filter rule). There are three types of actions:
• Accept: This allows/accepts all packets that match this rule.
• Reject: This blocks all packets that match this rule. The host sending the packet will be informed that the packet has been rejected.
• Drop: This drops all packets that match this rule, but the host is not informed. The action Drop is recommended for filter violations that constantly take place, are not security relevant, and only flood the LiveLog with meaningless messages (e.g., NETBIOS-Broadcasts from Windows computers).
To drop packets with the target address Broadcast IP, you first have to define the appropriate broadcast address in the form of a new network in the Networks menu (defining new networks is explained in detail earlier in this chapter). You must then set and enable the packet filter rule.
To Broadcast on the Whole Internet:
1. Open the Networks & Services menu, click Add, and enter the following data:
   Name: Broadcast32
   IP Address: 255.255.255.255
   Subnet Mask: 255.255.255.255
2. Confirm your entries by clicking the Add button.
3. Open the Rules menu in the Packet Filter directory and set the packet filter rules:
   From (Client): Any
   Service: Any
   To (Server): Broadcast32
   Action: Drop
4. Confirm your entries by clicking the Add button.

To Broadcast on One Network Segment:
1. Open the Networks & Services menu, click Add, and enter the following data:
   Name: Broadcast8
   IP Address: 192.168.0.255
   Subnet Mask: 255.255.255.255
2. Confirm your entries by clicking the Add button.
3. Open the Rules menu in the Packet Filter directory and set the packet filter rules:
   From (Client): Any
   Service: Any
   To (Server): Broadcast8
   Action: Drop
4. Confirm your entries by clicking the Add button.
Add – Confirm your entry by clicking the Add button. After a successful definition, the rule is always added to the end of the rule set table. Entries can be edited by clicking the Edit button, which loads the data into the entry menu. The entries can then be edited. The changes are saved by clicking the Save button.
Delete – Rules can be deleted by clicking the Delete button.
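
The following Python model is an added example, not RouteFinder code or part of the original guide. It shows why a Drop rule for Broadcast8 that is added at the end of the table has no effect behind a broader Accept rule until it is moved up. It assumes the first matching rule decides and that unmatched packets are dropped; the LAN network, the NETBIOS-NS service entry, the sample table, and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed definitions standing in for the Networks and Services menus.
NETWORKS = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "Any": "0.0.0.0/0",
    "LAN": "192.168.0.0/24",             # assumed LAN segment
    "Broadcast8": "192.168.0.255/32",    # values from the guide
    "Broadcast32": "255.255.255.255/32",
}.items()}
SERVICES = {"Any": None, "HTTP": ("tcp", 80), "NETBIOS-NS": ("udp", 137)}

@dataclass
class Rule:
    src: str
    service: str
    dst: str
    action: str  # Accept, Reject or Drop

def evaluate(table, src, proto, port, dst):
    """Return (line number, action) of the first rule that matches the packet."""
    for line, r in enumerate(table, start=1):
        svc = SERVICES[r.service]
        if (ipaddress.ip_address(src) in NETWORKS[r.src]
                and ipaddress.ip_address(dst) in NETWORKS[r.dst]
                and (svc is None or svc == (proto, port))):
            return line, r.action
    return None, "Drop"  # assumption: unmatched packets are dropped

def move(table, line, new_line):
    """Model of the Move command: put the rule at `line` on `new_line` (1-based)."""
    table = list(table)
    table.insert(new_line - 1, table.pop(line - 1))
    return table

def shadowed(table):
    """Line numbers of rules fully covered by an earlier rule, so they never match."""
    hits = []
    for i, r in enumerate(table):
        if any(NETWORKS[r.src].subnet_of(NETWORKS[e.src])
               and NETWORKS[r.dst].subnet_of(NETWORKS[e.dst])
               and e.service in ("Any", r.service) for e in table[:i]):
            hits.append(i + 1)
    return hits

# Constructed table: the guide's Broadcast8 rule was added last, after a broad Accept.
TABLE = [Rule("Any", "Any", "LAN", "Accept"),
         Rule("Any", "Any", "Broadcast8", "Drop")]
```

Running shadowed() over an exported rule list before and after each Move is a quick way to confirm that a newly added rule can actually be reached.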