Technical data
3. Base configuration
Expression                         Meaning
port[-port]                        a port or a port range
IP_NET_x_IPADDR                    the IP address of the router's interface x
IP_NET_x                           the router's subnet x
IP_ROUTE_x                         the subnet x specified in the route (default routes
                                   can't be used: they would match anything and are
                                   excluded as a precaution)
@name                              one of the names or aliases set via HOST_%_*; the
                                   associated IP address will be filled in here
<ip or network>:port[-port]        a host or network address in one of the variants
                                   above, combined with a port or port range
Table 3.6.: Constraints For Source And Target In Packet Filter Rules
Example: '192.168.6.2 any DROP'
If two of these constraints appear, the first is taken as the source and the second as the target.
Hence, in this example we drop the packets originating from the computer with the IP address
192.168.6.2, regardless of where they are targeted.
If only one constraint is given, whether it refers to the source or the target is decided from
its value, which is quite simple:
• if it contains a port value, the target is meant;
• in all other cases, the source is.
If you would like to shorten the example above, you could write '192.168.6.2 DROP'. No
port is mentioned, hence the constraint applies to the source (the machine the packet originated
from).
If we wanted to allow communication with the ssh daemon, we could write 'any any:22 ACCEPT'
(packets from any machine to ssh port 22 of any machine will be accepted), or even shorter
'22 ACCEPT'. Only a port is mentioned, hence we address the target, and thus all packets
targeted at port 22.
For simplification, you may append BIDIRECTIONAL to the action to express that the rule
is valid for both communication directions. Rules will then be generated with source and
target addresses (and, if applicable, ports and network interfaces) exchanged, while leaving the
rest untouched.
Examples:
Rule                                              Meaning
127.0.0.1 ACCEPT                                  local communication (source 127.0.0.1) is allowed
any 192.168.12.1 DROP                             packets to address 192.168.12.1 will be dropped
any 192.168.12.1 DROP LOG                         packets to address 192.168.12.1 will be dropped and additionally logged
any 192.168.12.1 DROP NOLOG                       packets to address 192.168.12.1 will be dropped but not logged
22 ACCEPT                                         packets to port 22 (ssh) will be accepted
IP_NET_1_NET ACCEPT                               packets from the subnet connected to the first interface will be accepted
IP_NET_1_NET IP_NET_2_NET ACCEPT BIDIRECTIONAL    communication between the subnets connected to the first and second
                                                  interface is allowed
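As an added illustration of the rules just described (written for this page, not part of this documentation or of the router's own rule generator), the following Python function applies them to a rule line: two constraints are taken as source and target, a single constraint becomes the target only if it names a port, and BIDIRECTIONAL expands the rule into a second one with source and target swapped. The grammar, the set of action keywords, the treatment of LOG/NOLOG as an optional override and the IPv4-only literal check are simplifying assumptions.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed, simplified grammar for one packet filter rule line:
#   [<src>] [<tgt>] <ACTION> [LOG|NOLOG] [BIDIRECTIONAL]
# A constraint is 'any', an IPv4 address or network, a symbolic name such as
# IP_NET_1_NET or @host, any of these followed by ':port[-port]', or a bare
# port[-port]. The action keyword set is an assumption for this example.
ACTIONS = {"ACCEPT", "DROP", "REJECT"}
PORT_RE = re.compile(r"^\d+(?:-\d+)?$")


def has_port(constraint: str) -> bool:
    """A constraint 'contains a port' if it is a bare port/range or ends in ':port[-port]'."""
    return PORT_RE.match(constraint.rpartition(":")[2]) is not None


def validate_address(constraint: str) -> None:
    """Reject malformed literal addresses early; symbolic names and 'any' pass through."""
    addr = constraint.rpartition(":")[0] if has_port(constraint) else constraint
    if addr and addr[0].isdigit():
        ipaddress.ip_network(addr, strict=False)  # raises ValueError on a typo


def parse_rule(line: str) -> List[Dict[str, object]]:
    """Expand one rule line into concrete rules: {'src', 'tgt', 'action', 'log'}."""
    tokens = line.split()
    action_idx = next((i for i, t in enumerate(tokens) if t in ACTIONS), None)
    if action_idx is None:
        raise ValueError(f"no action keyword in rule: {line!r}")
    constraints, action = tokens[:action_idx], tokens[action_idx]
    modifiers = set(tokens[action_idx + 1:])
    if len(constraints) == 2:
        src, tgt = constraints                      # first = source, second = target
    elif len(constraints) == 1:
        # a lone constraint is the target if it names a port, otherwise the source
        src, tgt = ("any", constraints[0]) if has_port(constraints[0]) else (constraints[0], "any")
    else:
        raise ValueError(f"expected one or two constraints: {line!r}")
    for c in (src, tgt):
        validate_address(c)
    # LOG / NOLOG override the configured logging default; None leaves it untouched
    log = True if "LOG" in modifiers else False if "NOLOG" in modifiers else None
    rule: Dict[str, object] = {"src": src, "tgt": tgt, "action": action, "log": log}
    rules = [rule]
    if "BIDIRECTIONAL" in modifiers:
        # second rule with source and target exchanged, everything else unchanged
        rules.append({**rule, "src": tgt, "tgt": src})
    return rules
```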