IP filters (also called rule sets) act as a firewall to allow or deny individual IP addresses or ranges of IP addresses, ports, and protocols. When a network connection is configured to use an IP filter, all network traffic through that connection is compared, in order, to the rules of that filter. Depending on the rules of that filter rule set, network traffic may be allowed to pass, dropped (without notice), or rejected (an error packet is sent back).
The administrator uses the Network – IP Filter page to view, enable, add, edit, delete, and map IP filters.
Warning: IP filter configuration is a feature for advanced users. Adding and enabling IP filter sets incorrectly can disable your SLC.
To view a list of IP filters:
You can view a list of filters and a table showing how each filter is mapped to an interface.
Click the Network tab and select the IP Filter option. The Network - IP Filter page displays.
To enable IP filters:
On the Network Settings – IP Filter page, you can enable all filters or disable all filters.
Note: There is no way to enable or disable individual filters.
Enter the following:
Enable IP Filter | Select the Enable IP Filter checkbox to enable all filters, or clear the checkbox to disable all filters. Disabled by default.
Packets Dropped (view only) | Displays the number of data packets that the filter ignored (i.e., did not respond to).
Packets Rejected | Displays the number of data packets that the filter sent a “rejected” response to.
Test Timer | Timer for testing IP Filter rulesets. Select No to disable the timer. Select Yes, minutes (1-120) to enable the timer and enter the number of minutes the timer should run. The timer automatically disables the IP Filters when the time expires.
Time Remaining | Indicates how many minutes are left on the timer before it expires and IP Filters are disabled.
The administrator can add, edit, delete, and map IP filters.
Note: A configured filter has no effect until it is mapped.
To add an IP filter:
On the Network – IP Filter page, click the Add Ruleset button. The Network - IP Ruleset page displays.
Enter the following:
Ruleset Name | Name that identifies a filter; may be composed of letters, numbers, and hyphens only. (The name cannot start with a hyphen.) Example: FILTER-2
IP Address | Specify a single IP address to act as a filter. Example: 172.19.220.64 – this specific IP address only
Subnet Mask | Specify a subnet mask to act as a filter. Example: 255.255.0.0
Protocol | From the drop-down list, select the type of protocol through which the filter will operate. The default setting is All.
Port Range | Enter a range of destination TCP or UDP port numbers to be tested. An entry is required for TCP, TCP New, TCP Established, and UDP, and is not allowed for other protocols. Separate multiple ports with commas. Separate ranges of ports by colons. Examples: 22 – filter on port 22 only; 23,64,80 – filter on ports 23, 64 and 80; 23:64,80,143:150 – filter on ports 23 through 64, port 80 and ports 143 through 150
Action | Select whether to drop, reject, or allow communications from IP addresses within the specified range. Drop ignores the packet with no notification. Reject ignores the packet and sends back an error message. Allow permits the packet through the filter.
Generate rule to allow service | You may wish to “punch holes” in your filter set for a particular protocol or service. For instance, if you have configured your NIS server and wish to create an opening in your filter set, select the NIS option and click the Add Rule button. This entry adds a new rule to your filter set using the NIS-configured IP address. Other services and protocols added automatically generate the necessary rule to allow their use.
Click the right arrow button to add the new rule to the bottom of the Rules list box on the right.
To remove a rule from the filter set, highlight that line and click the left arrow. The rule populates the rule definition fields, allowing you to make minor changes before reinserting the rule. To clear the definition fields, click the Clear button.
To change the order of priority of the rules in the list box, select the rule to move and use the up or down arrow buttons on the right side of the filter list box.
To save, click the Apply button. A confirmation message displays, and the new filter displays in the menu tree.
Note: To add another new filter rule set, click the Back to IP Filter link to return to the IP Filter page.
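Because a mis-ordered or overly broad rule can cut off your own management access, it helps to model a ruleset offline before applying it. The following Python sketch is an added example, not Lantronix code: it parses the Port Range syntax described above and evaluates rules in list order. It assumes first-match evaluation, a 255.255.255.255 mask for a single host, that unmatched traffic is allowed, and only the All, TCP and UDP protocol choices; all function and variable names are hypothetical.

```python
import ipaddress

def parse_ports(spec):
    """Parse the Port Range syntax: commas separate entries, colons mark ranges."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition(":")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port entry: {part!r}")
        ranges.append((lo, hi))
    return ranges

def make_rule(ip, mask, proto, ports, action):
    """Build one rule; a port range is required for TCP/UDP and not allowed otherwise."""
    if (proto in ("TCP", "UDP")) != bool(ports):
        raise ValueError(f"port range is for TCP/UDP only (got {proto}, {ports!r})")
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return {"net": net, "proto": proto,
            "ports": parse_ports(ports) if ports else None, "action": action}

def evaluate(ruleset, src, proto, dport, default="allow"):
    """Return the action of the first rule matching the packet (assumed first-match)."""
    addr = ipaddress.ip_address(src)
    for rule in ruleset:
        if addr not in rule["net"]:
            continue
        if rule["proto"] != "All" and rule["proto"] != proto:
            continue
        if rule["ports"] and not any(lo <= dport <= hi for lo, hi in rule["ports"]):
            continue
        return rule["action"]
    return default  # assumption: the page does not state the no-match behaviour

# Constructed ruleset: one admin host may use SSH, the rest of 172.19.0.0/16 is
# dropped on the page's example port list, and everything else is rejected.
FILTER_2 = [
    make_rule("172.19.220.64", "255.255.255.255", "TCP", "22", "allow"),
    make_rule("172.19.0.0", "255.255.0.0", "TCP", "23:64,80,143:150", "drop"),
    make_rule("0.0.0.0", "0.0.0.0", "All", "", "reject"),
]

if __name__ == "__main__":
    print(evaluate(FILTER_2, "172.19.220.64", "TCP", 22))                   # admin SSH
    print(evaluate(list(reversed(FILTER_2)), "172.19.220.64", "TCP", 22))  # reordered
```

Running the same admin connection against the reversed list shows how moving the catch-all rule to the top locks out SSH, which is the kind of mistake the Test Timer is meant to recover from.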
To update an IP filter:
The administrator can update an IP filter rule set.
On the Network – IP Filter page, select the IP filter ruleset to be edited and click the Edit Ruleset button. The IP Filter Ruleset page displays.
Edit the information as desired and click the Apply button.
To delete an IP filter:
The administrator can delete an IP filter rule set.
On the Network - IP Filter page, select the IP filter ruleset to be deleted and click the Delete button.