User Guide
OmniAccess SafeGuard OS Administration Guide
366
Chapter 10: Detecting and Isolating Malware Security Threats
(SafeGuardOS) (config) #policy malware blaster_policy
(SafeGuardOS) (policy-malware) #description Blaster worm policy
(SafeGuardOS) (policy-malware) #
Configuring the Rules
For each rule, define a filter, an action to execute, and the precedence. The overall syntax
of a policy filter is:
filter name from source to destination protocol action precedence number
Syntax Description

name         Name of the malware filter.

source       Specifies the source endpoint of the traffic. It can be any of
             the following:
             ■ any – Wildcard, which matches all source
             ■ host – IP address of the host
             ■ network – IP address of the subnet

destination  Specifies the destination endpoint of the traffic. It can be
             any of the following:
             ■ any – Wildcard, which matches all destination
             ■ domain – Domain name. Up to 3 servers with 10 domain names
               may be specified before the list is overridden with new
               entries. See also Configuring for Domain Name Service (DNS)
               Server Support (optional) on page 367.
             ■ host – IP address of the host
             ■ network – IP address of the subnet

protocol     Matches the IP protocol of the traffic. It can be any of the
             following:
             ■ any – Wildcard, apply to all traffic
             ■ tcp – TCP; specify a protocol port number and the port
               operation:
               1 to 65535 – End port or the start of the end port
             ■ udp – UDP; specify a protocol port number and the port
               operation:
               1 to 65535 – End port or the start of the end port

action       Specifies the action to be taken if the traffic matches the
             preceding patterns. Action can be any of the following:
             ■ action deny – drops the packet
             ■ action permit – allows the packet
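
The fields above, modeled in Python as an added example (this is not SafeGuard OS code or CLI syntax): it evaluates a packet against a set of filters in precedence order. It assumes the lowest precedence number is checked first and that an unmatched packet gets no verdict, neither of which this page states; domain destinations are not modeled, and the rule names, addresses and the Blaster-associated ports (TCP 135, TCP 4444, UDP 69) are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Filter:
    name: str
    source: str                        # "any", a host IP, or a subnet in CIDR form
    destination: str                   # "any", a host IP, or a subnet in CIDR form
    protocol: str                      # "any", "tcp" or "udp"
    ports: Optional[Tuple[int, int]]   # inclusive destination port range (tcp/udp only)
    action: str                        # "deny" or "permit"
    precedence: int

def _endpoint_matches(spec, ip):
    if spec == "any":
        return True
    # A bare host address parses as a single-address network.
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def _protocol_matches(f, proto, dport):
    if f.protocol == "any":
        return True
    if f.protocol != proto:
        return False
    return f.ports is None or f.ports[0] <= dport <= f.ports[1]

def evaluate(filters, src, dst, proto, dport):
    """Return (action, filter name) for the first matching filter, or None."""
    # Assumption: filters are checked from the lowest precedence number upward.
    for f in sorted(filters, key=lambda f: f.precedence):
        if (_endpoint_matches(f.source, src) and _endpoint_matches(f.destination, dst)
                and _protocol_matches(f, proto, dport)):
            return f.action, f.name
    return None

# Constructed sample policy: one permitted management host, then Blaster-related denies.
BLASTER_POLICY = [
    Filter("allow_mgmt_rpc", "10.0.5.10", "10.0.9.0/24", "tcp", (135, 135), "permit", 1),
    Filter("block_rpc", "any", "any", "tcp", (135, 135), "deny", 2),
    Filter("block_tftp", "any", "any", "udp", (69, 69), "deny", 3),
    Filter("block_shell", "any", "any", "tcp", (4444, 4444), "deny", 4),
]

if __name__ == "__main__":
    print(evaluate(BLASTER_POLICY, "10.0.7.33", "10.0.9.20", "tcp", 135))
```

Swapping the precedence of the first two filters makes the broad deny match first and shadows the narrower permit, which is why the precedence number matters when a specific exception and a wildcard rule overlap.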










