Multi-Tech Systems RF660 User Manual

Chapter 6 – RouteFinder Software  
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 
Packet Filters > Packet Filter Rules
 
 
System Defined Rules 
These rules define a set of common application services that are allowed outbound access through the 
RouteFinder's WAN interface. The software defines a default Service Group called default_outbound. The 
services under default_outbound  are FTP, TELNET, DNS, HTTP, POP3, IMAP, and HTTPS. 
Add User Defined Packet Filter Rules 
New packet filter rules are created by choosing from four drop-down lists. All services, networks, and groups 
previously created in Definitions are available for selection. Click Add to create the appropriate rule; it then 
displays at the bottom of the table. The new rule automatically receives the next available number in the table. 
The overall effectiveness of the rule is decided by its position in the table. You can move the new rule within 
the table with the Move function in the Command column.  
Important: The order of the rules in the table is essential for the correct functioning of the firewall. By clicking the Move
button, the order of execution can be changed. In front of the rule to be moved, enter the line number that indicates
where the rule should be placed. Confirm by clicking OK.
By default, new rules are created at the end of the table.
From – Select the network from which the information packet must be sent for the rule to match. You can
also select network groups. The Any option matches all IP addresses, regardless of whether they are
officially assigned addresses or so-called private addresses. These network clients or groups must be
pre-defined in the Networks menu. Example: net1 or host1 or Any
Service – Select the service that is to be matched with the rule. These services are pre-defined in the
Services menu. With the help of these services, the information traffic to be filtered can be precisely
defined. The default entry Any selects all combinations of protocols and parameters (e.g., ports).
Example: SMTP, ANY
To – Select the network to which the data packets are sent for the rule to match. Network groups can also
be selected. These network clients or groups must be pre-defined in the Networks menu.
Action – Select the action to perform when a packet matches the rule (applicable filter rule).
There are three types of actions:
• Accept: This allows/accepts all packets that match this rule.
• Reject: This blocks all packets that match this rule. The host sending the packet will be informed that
the packet has been rejected.
• Drop: This drops all packets that match this rule, but the host is not informed. The action Drop is
recommended for filter violations that constantly take place, are not security relevant, and only flood
the LiveLog with meaningless messages (e.g., NETBIOS-Broadcasts from Windows computers).
To drop packets with the target address Broadcast IP, you first have to define the appropriate 
broadcast address in the form of a new network in the Networks menu (defining new networks is 
explained in detail earlier in this chapter).  You must then set and enable the packet filter rule. 
To Broadcast on the Whole Internet:
1.  Open the Networks & Services menu, click Add, and enter the following data:
    Name: Broadcast32
    IP Address: 255.255.255.255
    Subnet Mask: 255.255.255.255
2.  Confirm your entries by clicking the Add button.
3.  Open the Rules menu in the Packet Filter directory and set the packet filter rules:
    From (Client): Any
    Service: Any
    To (Server): Broadcast32
    Action: Drop
4.  Confirm your entries by clicking the Add button.

To Broadcast on One Network Segment:
1.  Open the Networks & Services menu, click Add, and enter the following data:
    Name: Broadcast8
    IP Address: 192.168.0.255
    Subnet Mask: 255.255.255.255
2.  Confirm your entries by clicking the Add button.
3.  Open the Rules menu in the Packet Filter directory and set the packet filter rules:
    From (Client): Any
    Service: Any
    To (Server): Broadcast8
    Action: Drop
4.  Confirm your entries by clicking the Add button.
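
The following is an added example, not code from the RouteFinder or from this manual. It models the rule table to show why a Broadcast8 Drop rule left at the end of the table may never take effect, and how Move changes the outcome. It assumes the table is evaluated top-down with the first matching rule deciding; the LAN network, the NETBIOS service name and the sample packet are constructed.

```python
import ipaddress
from typing import NamedTuple

# Networks menu entries. Broadcast8 is the manual's value; LAN is constructed.
NETWORKS = {
    "Any": ipaddress.ip_network("0.0.0.0/0"),
    "Broadcast8": ipaddress.ip_network("192.168.0.255/32"),
    "LAN": ipaddress.ip_network("192.168.0.0/24"),
}

class Rule(NamedTuple):
    src: str      # From
    service: str  # Service
    dst: str      # To
    action: str   # Accept, Reject or Drop

def matches(rule, src_ip, service, dst_ip):
    return (ipaddress.ip_address(src_ip) in NETWORKS[rule.src]
            and rule.service in ("Any", service)
            and ipaddress.ip_address(dst_ip) in NETWORKS[rule.dst])

def evaluate(table, src_ip, service, dst_ip):
    """(line, action) of the first matching rule, or None (first-match is assumed)."""
    for line, rule in enumerate(table, start=1):
        if matches(rule, src_ip, service, dst_ip):
            return line, rule.action
    return None

def conflicts(table):
    """Pairs (earlier, later) of lines whose match sets overlap but whose actions differ."""
    def overlap(a, b):
        return (NETWORKS[a.src].overlaps(NETWORKS[b.src])
                and NETWORKS[a.dst].overlaps(NETWORKS[b.dst])
                and (a.service == b.service or "Any" in (a.service, b.service)))
    return [(i + 1, j + 1) for j, b in enumerate(table) for i, a in enumerate(table[:j])
            if a.action != b.action and overlap(a, b)]

def move(table, from_line, to_line):
    """Model the Move command: place the rule at from_line on line to_line."""
    reordered = list(table)
    reordered.insert(to_line - 1, reordered.pop(from_line - 1))
    return reordered

# Constructed table: the Drop rule was added last, which is the default position.
TABLE = [
    Rule("LAN", "Any", "Any", "Accept"),
    Rule("Any", "Any", "Broadcast8", "Drop"),
]
PACKET = ("192.168.0.10", "NETBIOS", "192.168.0.255")  # constructed sample packet

if __name__ == "__main__":
    print(conflicts(TABLE))                      # rule pairs whose order needs review
    print(evaluate(TABLE, *PACKET))              # broadcast hits the Accept rule first
    print(evaluate(move(TABLE, 2, 1), *PACKET))  # after Move, the Drop rule decides
```

Any pair reported by conflicts() is a place where the position in the table decides the result, so those are the rules to check after every Add.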
 
Add – Confirm your entry by clicking the Add button. After a successful definition, the rule is always
added to the end of the rule set table. Entries can be edited by clicking the Edit button, which loads the
data into the entry menu. The entries can then be edited. The changes are saved by clicking the Save
button.
Delete – Rules can be deleted by clicking the Delete button.