The XYZ Company wants to set up a series of rules to implement the following security policies:
1. Allow telnet traffic from A (an address object representing an individual host) to B (an address object representing any host on a specified network).
2. Deny and log mail traffic between A and B.
3. Send NET_UNREACHABLE ICMP rejection messages for rejected telnet traffic.
4. Discard all other packets.

Table 3-1 illustrates the rules the XYZ Company would set up to implement this security policy. Note that the default action would be specified as DENY for each interface to implement policy 4.
Table 3-1 Sample Rules Table
| Service | From | To | Rule Type | Log | SNMP | ICMP |
|---|---|---|---|---|---|---|
| telnet | A | B | Allow | NONE | NONE | NONE |
| mail | A | B | Deny | SUMMARY | NONE | NONE |
| mail | B | A | Deny | SUMMARY | NONE | NONE |
| telnet | * | * | Deny | NONE | NONE | NET_UNREACHABLE |
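To show how first-match rule order and the per-interface DENY default combine, here is an added Python example (not from the original document or the product it describes). The concrete addresses behind A and B, the service name "mail" for the logged deny rows, and the sample packets are assumptions made for the example.

```python
import ipaddress

# Assumed sample address objects (not from the document): A is one host,
# B is any host on a network, "*" matches any address.
ADDRESS_OBJECTS = {
    "A": ipaddress.ip_network("192.0.2.10/32"),
    "B": ipaddress.ip_network("198.51.100.0/24"),
    "*": ipaddress.ip_network("0.0.0.0/0"),
}

# Rules in the order of Table 3-1: (service, from, to, rule type, log, icmp).
RULES = [
    ("telnet", "A", "B", "Allow", "NONE", "NONE"),
    ("mail",   "A", "B", "Deny",  "SUMMARY", "NONE"),
    ("mail",   "B", "A", "Deny",  "SUMMARY", "NONE"),
    ("telnet", "*", "*", "Deny",  "NONE", "NET_UNREACHABLE"),
]

# Policy 4: the per-interface default action is DENY (silent discard).
DEFAULT = ("Deny", "NONE", "NONE")


def rule_matches(rule, service, src, dst):
    """True if the packet's service, source and destination fit the rule."""
    svc, frm, to = rule[0], rule[1], rule[2]
    return (svc == service
            and ipaddress.ip_address(src) in ADDRESS_OBJECTS[frm]
            and ipaddress.ip_address(dst) in ADDRESS_OBJECTS[to])


def evaluate(service, src, dst, rules=RULES):
    """First-match lookup: return (rule type, log, icmp) of the first rule
    that matches, or the default action when none does."""
    for rule in rules:
        if rule_matches(rule, service, src, dst):
            return rule[3], rule[4], rule[5]
    return DEFAULT


if __name__ == "__main__":
    # Constructed sample packets: (service, source, destination).
    packets = [
        ("telnet", "192.0.2.10", "198.51.100.7"),  # A -> B: allowed by rule 1
        ("telnet", "198.51.100.7", "192.0.2.10"),  # B -> A: rule 4, NET_UNREACHABLE
        ("mail", "198.51.100.7", "192.0.2.10"),    # B -> A: denied and logged
        ("http", "192.0.2.10", "198.51.100.7"),    # no rule: default DENY
    ]
    for pkt in packets:
        print(pkt, "->", evaluate(*pkt))
    # Rule order matters: with the catch-all telnet deny evaluated first,
    # the A -> B telnet packet is rejected instead of allowed.
    print("reordered:", evaluate(*packets[0], rules=RULES[::-1]))
```

The reordered lookup at the end is the check worth keeping in mind: the allow rule only works because it precedes the catch-all telnet deny.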