User`s manual

ManualsBrandsAudioCodes ManualsComputer equipmentMP-1FXO

291

292

293

294

295

296

297

298

299

300

MediaPack

SIP User's Manual 298 Document #: LTRT-65408

Figure 12-15 shows an example of an access list definition via ini file:

Figure 12-15: Example of an Access List Definition via ini File

[ ACCESSLIST ]

FORMAT AccessList_Index = AccessList_Source_IP, AccessList_Net_Mask,

AccessList_Start_Port, AccessList_End_Port, AccessList_Protocol,

AccessList_Packet_Size, AccessList_Byte_Rate, AccessList_Byte_Burst,

AccessList_Allow_Type;

AccessList 10 = mgmt.customer.com, 255.255.255.255, 0, 80, tcp, 0, 0, 0, allow ;

AccessList 15 = 192.0.0.0, 255.0.0.0, 0, 65535, any, 0, 40000, 50000, block ;

AccessList 20 = 10.31.4.0, 255.255.255.0, 4000, 9000, any, 0, 0, 0, block ;

AccessList 22 = 10.4.0.0, 255.255.0.0, 4000, 9000, any, 0, 0, 0, block ;

[ \ACCESSLIST ]

Explanation of the example access list:

 Rule #10: traffic from the host ‘mgmt.customer.com’ destined to TCP ports 0 to 80, is

always allowed.

 Rule #15: traffic from the 192.xxx.yyy.zzz subnet, is limited to a rate of 40 Kbytes per

second (with an allowed burst of 50 Kbytes). Note that the rate is specified in bytes,

not bits, per second; a rate of 40000 bytes per second, nominally corresponds to 320

kbps.

 Rule #20: traffic from the subnet 10.31.4.xxx destined to ports 4000 to 9000 is always

blocked, regardless of protocol.

 Rule #22: traffic from the subnet 10.4.xxx.yyy destined to ports 4000 to 9000 is always

blocked, regardless of protocol.

 All other traffic is allowed.

More complex rules may be defined, relying on the ‘single-match’ process described

above:

Figure 12-16 shows an advanced example of an access list definition via ini file:

Figure 12-16: Advanced Example of an Access List Definition via ini File

[ ACCESSLIST ]

FORMAT AccessList_Index = AccessList_Source_IP, AccessList_Net_Mask,

AccessList_Start_Port, AccessList_End_Port, AccessList_Protocol,

AccessList_Packet_Size, AccessList_Byte_Rate, AccessList_Byte_Burst,

AccessList_Allow_Type;

AccessList 10 = 10.0.0.0, 255.0.0.0, 0, 65535, any, 0, 40000, 50000, allow ;

AccessList 15 = 10.31.4.0, 255.255.255.0, 4000, 9000, any, 0, 0, 0, allow ;

AccessList 20 = 0.0.0.0, 0.0.0.0, 0, 65535, any, 0, 0, 0, block;

[ \ACCESSLIST ]

Explanation of the example access list:

This access list consists of three rules:

 Rule #10: traffic from the subnet 10.xxx.yyy.zzz is allowed if the traffic rate does not

exceed 40 KB/s.

 Rule #15: if a packet didn't match rule #10, that is, the excess traffic is over 40 KB/s,

and coming from the subnet 10.31.4.xxx to ports 4000 to 9000, then it is allowed.

 Rule #20: all other traffic (which didn't match the previous rules), is blocked.

The internal firewall can also be configured via the Embedded Web Server (refer to Section

5.6.5.3 on page 171).