Intel 9515 Benutzerhandbuch
DMZ Firewall Solution for the Express Router
07-12-99 Version
1.0
11
Filters are defined as follows:
Filter
Function
Settings
—
Pass all packets destined for DMZ
Default Action:
Pass
1
Prevents RIP updates from entering the
DMZ network
DMZ network
Action:
Discard
Protocol:
UDP
Dest. address type:
All
Dest. port:
RIP
Src. address type:
All
Src. port:
All
2
Prevents tunnel packets from entering
the DMZ network
the DMZ network
Action:
Discard
Protocol:
TCP
Dest. address type:
All
Dest. port:
Tunnel
Src. address type:
All
Src. port:
All
3
Prevents RSVP packets from entering
the DMZ network/router.
the DMZ network/router.
Three separate filters are required.
Action:
Discard
Protocol:
RSVP
Dest. address type:
All
Dest. port :
All
Src. address type:
All
Src. port :
All
4
Action:
Discard
Protocol:
UDP
Dest. address type:
All
Dest. port :
= 1698
Src. address type:
All
Src. port :
All
5
Action:
Discard
Protocol:
UDP
Dest. address type:
All
Dest. port :
= 1699
Src. address type:
All
Src. port :
All
6
Prevents BootP updates from entering
the DMZ network/router.
the DMZ network/router.
Action: Discard
Protocol:
Protocol:
UDP
Dest. address type:
All
Dest. port:
67
Src. address type:
All
Src. port:
All
7
Prevents Syslog updates from entering
the DMZ network/router
the DMZ network/router
Action:
Discard
Protocol:
UDP
Dest. address type:
All
Dest. port:
= 514
Scr. address type:
All
Src. port :
All
8
Discards all packets that spoof (or fake)
the IP address of the router on LAN1.
This is necessary since these packets
will pass the Tx filter on LAN1.
the IP address of the router on LAN1.
This is necessary since these packets
will pass the Tx filter on LAN1.
Action:
Discard
Protocol:
UDP
Dest. address type:
All
Dest. port:
All