Filter
Top Products
Chapter 3 IP Firewall Service 47
Using Address Ranges
When you create filters using Server Admin, you enter an IP address and the CIDR
format subnet mask. Server Admin shows you the resulting address range, and you can
change the range by modifying the subnet mask. When you indicate a range of
possible values for any segment of an address, that segment is called a wildcard. The
following table gives examples of address ranges created to achieve specific goals.
Rule Mechanism and Precedence
The filter rules in the General panel operate in conjunction with the rules shown in the
Advanced panel. Usually, the broad rules in the Advanced panel block access for all
ports. These are lower-priority rules and take effect after the rules in the General panel.
The rules created with the General panel open access to specific services, and are
higher priority. They take precedence over those created in the Advanced panel. If you
create multiple filters in the Advanced panel, a filter’s precedence is determined by the
rule number which is the rule’s order in the Advanced panel. Rules in the advanced
panel can be re-ordered by dragging the rule within the list.
For most normal uses, opening access to designated services in the advanced panel is
sufficient. If necessary, you can add additional rules using the Advanced panel, creating
and ordering them as needed.
Multiple IP Addresses
A server can support multiple homed IP addresses, but firewall service applies one set
of filters to all server IP addresses. If you create multiple alias IP addresses, then the
filters you create will apply to all of those IP addresses.
Goal
Sample
IP address
Enter this in the
address field:
Address range
affected
Create a filter that specifies a
single IP address.
10.221.41.33 10.221.41.33 or
10.221.41.33/32
10.221.41.33
(single address)
Create a filter that leaves the
fourth segment as a wildcard.
10.221.41.33 10.221.41.33/24 10.221.41.0 to
10.221.41.255
Create a filter that leaves part of
the third segment and all of the
fourth segment as a wildcard.
10.221.41.33 10.221.41.33/22 10.221.40.0 to
10.221.43.255
Create a filter that applies to all
incoming addresses.
Select “Any” All IP addresses
LL2351.Book Page 47 Monday, September 8, 2003 2:47 PM