Cyclades Marine Instruments 2.3.0 User Manual

4: Configuring the Web Interface
AlterPath Console Server User Manual
Firewall Configuration
Firewall configuration, also known as IP filtering, refers to the selective
blocking of the passage of IP packets between global and local networks. The
filtering is based on rules that describe the characteristics of the packet (e.g.,
the contents of the IP header, the input/output interface, or the protocol).
This feature is used mainly in firewall applications to filter out packets that
could potentially compromise the network or generate unnecessary traffic in
it.
Structure of IP Filtering
The Firewall Configuration form is structured on two levels:
The view table of the Firewall Configuration form, which contains a list of chains.
The chains, which contain the rules that control filtering.
Chain
The filter table contains a number of built-in chains and can include any other
chains that you add (user-defined chains) through the Add Chain dialog box.
A user-defined chain is called when a packet matches a rule that points to
that chain.
The built-in chains are called according to the type of packet, and are
classified as follows:
INPUT - For packets coming into the ACS box itself.
FORWARD - For packets being routed through the ACS box.
OUTPUT - For locally-generated packets.
Rule
Each chain has a sequence of rules that address the following:
How the packet should appear in order to match the rule.
    Some information about the packet is checked according to the rule, for example, the IP header, the input and output interfaces, the TCP flags and the protocol.
What to do when the packet matches the rule.
    The packet can be accepted, blocked, logged or jumped to a user-defined chain.
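The chain and rule structure described above can be modelled in a few lines. This is an added example, not code from the manual or from the ACS firmware. It assumes netfilter-style evaluation, which the manual does not spell out: the first matching rule with a verdict decides, a log rule does not end evaluation, an exhausted user-defined chain returns to its caller, and a built-in chain falls back to a default policy. The target names ACCEPT, DROP and LOG, the chain name "mgmt", and all addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:                      # fields a rule can inspect (constructed model)
    src: str
    proto: str
    dport: int
    in_iface: str

@dataclass
class Rule:
    target: str                    # ACCEPT, DROP, LOG, or a user-defined chain name
    src: str = "0.0.0.0/0"
    proto: Optional[str] = None    # None means "any"
    dport: Optional[int] = None
    in_iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and self.in_iface in (None, p.in_iface))

def walk(chains, name, pkt, log):
    """Return ACCEPT or DROP, or None when the chain ends without a verdict."""
    for rule in chains[name]:
        if not rule.matches(pkt):
            continue
        if rule.target == "LOG":               # assumed: logging does not end evaluation
            log.append(f"{name}: {pkt.src} {pkt.proto}/{pkt.dport}")
        elif rule.target in ("ACCEPT", "DROP"):
            return rule.target
        else:                                  # jump to a user-defined chain
            verdict = walk(chains, rule.target, pkt, log)
            if verdict:                        # no verdict: resume in the calling chain
                return verdict
    return None

def filter_packet(chains, policies, builtin, pkt):
    log = []
    return walk(chains, builtin, pkt, log) or policies[builtin], log

# Constructed ruleset: SSH to the box is handed to the user-defined chain "mgmt".
CHAINS = {
    "INPUT": [Rule("mgmt", proto="tcp", dport=22), Rule("ACCEPT", proto="icmp")],
    "mgmt": [Rule("ACCEPT", src="10.0.0.0/24", in_iface="eth0"), Rule("LOG"), Rule("DROP")],
}
POLICIES = {"INPUT": "DROP"}                   # assumed default when no rule decides
```

Rule order matters in this model: moving the LOG rule ahead of the ACCEPT rule in "mgmt" would log permitted management sessions as well as blocked ones.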