Avocent ACS V6000, Руководство пользователя

Страница: 29 / 58

If LOG is selected from the Target pull-down menu, the administrator can configure a Log
Level, a Log Prefix and whether the TCP sequence, TCP options and IP options are logged in
the Log Options Section.
If REJECT is selected from the Target pull-down menu, the administrator can select an option
from the Reject with pull-down menu; the packet is dropped and a reply packet of the selected
type is sent.
Protocol options
Different fields are activated for each option in the Protocol pull-down menu.
If Numeric is selected from the Protocol menu, enter a Protocol Number in the text field.
If TCP is selected from the Protocol menu, a TCP Options Section is activated for entering
source and destination ports and TCP flags.
If UDP is selected from the Protocol menu, the UDP section is activated for entering source and
destination ports.
Field/Menu Option Definition
Source Port - or -
Destination Port
A single IP address or a range of IP addresses.
TCP Flags
[TCP only] SYN (synchronize), ACK (acknowledge), FIN (finish), RST (reset),
URG (urgent) and PSH (push). The conditions in the pull-down menu for each flag
are: Any, Set or Unset.
Table 3.3: Firewall Configuration - TCP and UDP Options Fields
If ICMP is selected from the Protocol menu, the ICMP Type pull-down menu is activated.
If an administrator enters the Ethernet interface (eth0) in the input or output interface fields and
selects an option (
2nd and further packets , All packets and fragments or Unfragmented packets
and 1st packets ) from the Fragments pull-down menu, the target action is performed on packets
from or to the specified interface if they meet the criteria in the selected Fragments menu
option.
To add a chain:
1. Select Network - Firewall .
2. Select either IPv4 Filter Table or IPv6 Filter Table as needed.
3. Click Add .
4. Enter the name of the chain to be added.
5. Click Save .
24 ACS v6000 Installation/Administration/User Guide