Operation Manual

SFX SERIES USER’S GUIDE
Rev 2.2 62
Edit Field Description
packets originated on the sat0 interface, the ICMP message will be thrown away.
Drop – Throw away the packet.
Options – This field is available for “power users” who wish to enter additional iptables options. Care must be taken in doing so, and the order in which options are entered may matter. Some combinations may not be possible. Consult the Linux iptables manual or tutorial for more information.
In addition to the edit fields there are four table row manipulation keys on the Edit Filtering Table Page (Figure 2-23):
Key Description
Add – Add the information entered above the table to the table as the last row.
Remove – Delete the selected (highlighted) row.
Up – If there is more than one row in the table, move the selected row up one row.
Down – If there is more than one row in the table, move the selected row down one row.
Firewall
The Firewall submenu is responsible for maintenance of the Firewall Tables in the receiver. There are two tables: one
for the input chain (packets originating from elsewhere) and one for the output chain (packets generated by the
receiver). Each table holds up to 25 rules, which filter IP packets by IP header or MAC address criteria. Firewall tables
filter incoming IP data, or outgoing data generated by the receiver, regardless of the network interface the packet
originated from.
Firewalling is done using options within the Linux iptables facility. More information on iptables can be obtained from
the manual or tutorial online at sites such as http://www.redhat.com. Additionally, you can contact IDC Customer
Service for a copy of the iptables tutorial (see Chapter 3). The iptables facility under Linux is extensive and complex,
and firewalling is only one part of it. The Firewall submenu is intended to make configuration of this function
more user friendly.
Firewalling is performed by the receiver according to the following rules:
1. IP packets can originate from any of the available network interfaces and are processed by the receiver in
accordance with the data flow in Figure 2-12.
2. Up to 50 filtering rules can be entered in the editable table – 25 for INPUT and 25 for OUTPUT. Rules are
evaluated from the first rule to the last rule, in sequence. Order matters: the first rule that is applicable to the
packet being processed is applied, and all subsequent rules are ignored.
3. If there is no applicable rule in the appropriate Firewall table, the corresponding Input or Output default rule is
applied to the packet.
4. Packets can be filtered by Source IP Address/Port or Destination IP Address/Port, or both. Ports can only be
specified if UDP or TCP protocols are selected.
5. Provision is made in the rule table for additional iptables options, allowing for maximum flexibility. However,
extreme care should be taken when using additional options, and the iptables manual must be consulted in
this case. (One example of option usage is MAC Address Filtering, using options such as
“-m mac --mac-source xx:xx:xx:xx:xx:xx”.)
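The evaluation rules above (first applicable row wins, otherwise the table's default rule; ports only with TCP or UDP; a MAC source option) can be modelled to see why the Up and Down keys matter. The following is an added illustration written for this guide, not the receiver's firmware or iptables itself; the field names, the "Accept"/"Drop" actions and the packet dictionary are assumptions, and the packet and rows in demo() are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

MAX_RULES = 25  # the manual's limit per table (25 INPUT rules and 25 OUTPUT rules)

@dataclass
class Rule:
    action: str                       # "Accept" or "Drop"
    proto: Optional[str] = None       # "tcp", "udp", "icmp"; None matches any protocol
    src: Optional[str] = None         # source IP; None matches any
    dst: Optional[str] = None         # destination IP; None matches any
    sport: Optional[int] = None       # source port, only valid with tcp/udp
    dport: Optional[int] = None       # destination port, only valid with tcp/udp
    mac_source: Optional[str] = None  # the "-m mac --mac-source" option

    def __post_init__(self):
        # Rule 4 of the manual: ports can only be specified if UDP or TCP is selected
        if (self.sport, self.dport) != (None, None) and self.proto not in ("tcp", "udp"):
            raise ValueError("port match requires proto tcp or udp")

    def matches(self, pkt: dict) -> bool:
        # Every field the row specifies must equal the packet's value; unset fields match anything
        for field in ("proto", "src", "dst", "sport", "dport", "mac_source"):
            want, have = getattr(self, field), pkt.get(field)
            if field == "mac_source" and want is not None:
                want, have = want.lower(), (have or "").lower()
            if want is not None and want != have:
                return False
        return True

def verdict(table: list, default: str, pkt: dict) -> str:
    # Rules 2 and 3: rows run top to bottom, the first applicable row decides and later rows
    # are ignored; with no applicable row the table's default (Input or Output) rule applies
    if len(table) > MAX_RULES:
        raise ValueError(f"a table holds at most {MAX_RULES} rules")
    for rule in table:
        if rule.matches(pkt):
            return rule.action
    return default

def demo() -> tuple:
    # Constructed packet: TCP to port 23 from 192.0.2.10, evaluated before and after reordering
    table = [Rule("Accept", proto="tcp", dport=23),  # row 1: accept telnet from anyone
             Rule("Drop", src="192.0.2.10")]         # row 2: drop everything from this host
    pkt = {"proto": "tcp", "src": "192.0.2.10", "dport": 23}
    before = verdict(table, "Accept", pkt)   # row 1 matches first -> "Accept"
    table[0], table[1] = table[1], table[0]  # "Up" key on row 2: swap it with the row above
    return before, verdict(table, "Accept", pkt)  # now the Drop row matches first -> "Drop"
```

Moving the Drop row above the Accept row changes the verdict for the same packet, which is the behaviour rule 2 describes.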