The Packet Filtering tab brings up a panel that allows you to configure packet filtering rules. Use packet filtering to control traffic using a particular service, traffic intended for a particular service, or traffic coming from a particular address.
SunScreen EFS 3.0 uses ordered packet filtering. The Screen assumes that the first rule that matches a packet is the rule that governs the disposition of the packet.
If the packet does not match any rule, the Screen uses its default action to determine the disposition of the packet. Typically, the default action logs the packet and drops it, though other options are available.
The following table describes the available fields in the Packet Filtering tab:
Rule Index (No) -- (Optional) Assigns a number to a rule. By default, this field displays a number one greater than the last rule (indicating this rule will be placed at the bottom of the list). If you type a lower number, the new rule is inserted into the specified position in the list, and the rules currently in the configuration are renumbered.
Screen -- (Optional) Specifies the Screen for which you want the rule to apply. Type a specific Screen name in this field if you use centralized management and want a rule to apply to a specific Screen.
Service -- Identifies the network service or service group to which this rule applies. Network services and service groups are described in Appendix B, "Services and State Engines."
Source -- The value to which the source address of a packet is compared. If an asterisk (*) appears, any source address meets the criteria of the rule.
Destination -- The value to which the destination address of a packet is compared to determine whether the rule should apply. If an asterisk (*) appears, any destination address meets the criteria of the rule.
Action -- Displays the action for the rule: ALLOW, DENY, ENCRYPT, or SECURE.
Time -- Specifies the time of day for the rule.
Description -- (Optional) Provides a brief description of the Administrative Access rule.
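The first-match evaluation, default action, and Rule Index insertion described above, modeled in Python as an added example (this is not SunScreen code or its rule syntax). It assumes addresses are CIDR strings or an asterisk and services are plain names; RuleSet, evaluate, demo and the LOG+DROP label are hypothetical names, and the sample addresses are constructed.

```python
from ipaddress import ip_address, ip_network

DEFAULT_ACTION = "LOG+DROP"  # constructed label for the typical default action

class RuleSet:
    def __init__(self):
        self.rules = []  # list order is evaluation order; rule number = position + 1

    def add(self, service, source, destination, action, index=None):
        """Insert at a 1-based rule index; with no index, append to the bottom."""
        rule = {"service": service, "source": source,
                "destination": destination, "action": action}
        pos = len(self.rules) if index is None else index - 1
        if not 0 <= pos <= len(self.rules):
            raise ValueError("rule index out of range")
        self.rules.insert(pos, rule)  # rules at or below pos are renumbered

    @staticmethod
    def _addr_match(pattern, addr):
        # "*" matches any address; otherwise test membership in the network
        return pattern == "*" or ip_address(addr) in ip_network(pattern)

    def evaluate(self, service, src, dst):
        """Return (rule_number, action) of the first matching rule."""
        for number, r in enumerate(self.rules, start=1):
            if (r["service"] == service
                    and self._addr_match(r["source"], src)
                    and self._addr_match(r["destination"], dst)):
                return number, r["action"]
        return None, DEFAULT_ACTION  # no rule matched

def demo():
    rs = RuleSet()
    rs.add("telnet", "*", "*", "ALLOW")
    # Appended as rule 2: the broad ALLOW above matches first, so this never fires.
    rs.add("telnet", "192.0.2.0/24", "*", "DENY")
    shadowed = rs.evaluate("telnet", "192.0.2.7", "198.51.100.5")
    # Re-enter the same DENY at index 1; the ALLOW is renumbered to rule 2.
    rs.rules.pop()
    rs.add("telnet", "192.0.2.0/24", "*", "DENY", index=1)
    fixed = rs.evaluate("telnet", "192.0.2.7", "198.51.100.5")
    other = rs.evaluate("telnet", "203.0.113.9", "198.51.100.5")
    unmatched = rs.evaluate("ftp", "203.0.113.9", "198.51.100.5")
    return shadowed, fixed, other, unmatched

if __name__ == "__main__":
    print(demo())
```

When auditing an ordered rule list, a specific DENY placed below a broader ALLOW for the same service is the pattern to look for, since it has no effect.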