Справочник Пользователя для PROLINK Huricane 9200/S
Chapter
14
. Configuring Filters and Blocking Protocols
155
Filter Rule - Modify page, select the Enable radio button
and click
.
At least one subrule
: On the Bridge Filter Configuration
page, you can enable a subrule by editing it. Click
in the
Actions column in the row for the subrule. On the Bridge
Filter Subrule - Modify page, select the Enable radio button
and click
.
If a rule is enabled but none of its subrules are enabled, then the
rule will have no effect on network traffic. A rule can be in effect,
however, when some of its subrules are disabled.
If want your changes to be permanent, be sure to commit them (see
If want your changes to be permanent, be sure to commit them (see
“Committing Changes” on page 45).
+ "
)D
The following instructions create a rule for preventing Telnet access
to the device from a specific WAN interface:
1. Add rule #100 with the following settings:
1. Add rule #100 with the following settings:
Interface: ppp-0
Direction: Incoming
Action: Accept
Direction: Incoming
Action: Accept
2. Click the Enable radio button at the top of the Bridge Filter
Rule - Add page, and then click
.
3. Add subrule #1 with the following settings:
Offset = 2
Offset from = TCP Header
Mask = 0x0FFF
Cmp Type = eq
Lower Value = 0x0017
Offset from = TCP Header
Mask = 0x0FFF
Cmp Type = eq
Lower Value = 0x0017
(The hexadecimal number 0x0017 is binary port number
23, the well-known port number for Telnet packets.)
4. Click the Enable radio button at the top of the Bridge Filter
Subrule - Add page, and then click
.
5. If necessary, enable the Bridge Filter Service by clicking the
Enable radio button at the top of the Bridge Filter
Configuration page.
All TCP packets incoming on the ppp-0 interface will now be
dropped.