Defining Access Control Lists
79
■
ICMP
— If checked, enables filtering ICMP packets for an ICMP
message type. The possible values are:
■
Select from List
— Selects an ICMP message type from a list.
■
ICMP Type
— Specifies an ICMP message type.
■
Any
— Does not filter for an ICMP message type.
■
ICMP Code
— If checked, enables specifying an ICMP message code
for filtering ICMP packets. ICMP packets that are filtered by ICMP
message type can also be filtered by the ICMP message code.
■
IGMP
— If checked, enables filtering IGMP packets for an IGMP
message type. The possible values are:
■
Select from List
— Selects an IGMP message type from a list.
■
IGMP Type
— Specifies an IGMP message type.
■
Any
— Does not filter for an IGMP message type.
■
Source IP Address
— Matches the source IP address to which
packets are addressed to the rule.
■
Wild Card Mask
— Defines the source IP address wildcard mask.
Wildcard masks specify which bits are used and which bits are
ignored. A wildcard mask of 255.255.255.255 indicates that no bit
is important. A wildcard of 0.0.0.0 indicates that all the bits are
important. For example, if the source IP address 149.36.184.198
and the wildcard mask is 0.0.0.255, the first three bytes of the IP
address are matched, while the last eight bits are ignored.
■
Destination IP Address
— Matches the destination IP address to
which packets are addressed to the rule.
■
Wild Card Mask
— Indicates the destination IP Address wildcard
mask. Wildcards are used to mask all or part of a destination IP
Address. Wildcard masks specify which bits are used and which
bits are ignored. A wildcard mask of 255.255.255.255 indicates
that no bit is important. A wildcard mask of 0.0.0.0 indicates that
all bits are important. For example, if the destination IP address
149.36.184.198 and the wildcard mask is 0.0.255.255, the first
two bytes of the IP address are used, while the last two bytes are
ignored.
■
Match DSCP
— Matches the packet DSCP value to the rule. Either the
DSCP value or the IP Precedence value is used to match packets to the
rule.