User Guide

REJECT target

If REJECT is selected from the Target pull-down menu, the following pull-down menu appears.

Any Reject with option causes the input packet to be dropped and a reply packet of the

specified type to be sent.

Field Name Definition

Reject with

Reject with means that the filter will drop the input packet and send back a

reply packet according to any of the reject types listed below.

icmp-net-unreachable ICMP network unreachable alias.

icmp-host-unreachable ICMP host unreachable alias.

icmp-port-unreachable ICMP port unreachable alias.

icmp-proto-unreachable ICMP protocol unreachable alias.

icmp-net-prohibited ICMP network prohibited alias.

icmp-host-prohibited ICMP host prohibited alias.

echo-reply Echo reply alias.

tcp-reset TCP RST packet alias.

Table 7.11: Reply Packet Names and Definitions

NOTE: The packets are matched (using tcp flags and appropriate reject type) with the REJECT target.

Firewall configuration procedures

The following sections describe the procedures for defining packet filtering:

To add a chain:

1. Go to Network - Firewall Configuration.

2. Click Add. The Add Chain dialog box appears.

3. Enter the name of the chain to be added in the Name field.

4. Click OK. The name of the new chain appears in the list.

NOTE: Spaces are not allowed in the chain name.

5. Add one or more rules to finish, as described in To add a rule: on page 85

To edit a chain:

Perform this procedure if you wish to change the policy for a default chain.

84 Cyclades

ACS5000 Installation/Administration/User Guide