Filter
Top Products
52 Chapter 3 IP Firewall Service
To create an IP filter for TCP ports:
1 In Server Admin, choose Firewall from the Computers & Services list.
2 Click Settings.
3 Select the Advanced tab.
4 Click the New button.
Alternatively, you can select a rule similar to the one you want to create, and click
Duplicate then Edit.
5 Select whether this filter will allow or deny access in the Action pop-up menu.
6 Choose TCP from the Protocol pop-up menu.
7 Choose a TCP service from the pop-up menu.
If you want to select a nonstandard service port, choose Other.
8 If desired, choose to log packets that match the filter.
9 Enter the Source IP address range you want to filter.
If you want it to apply to any address, choose Any from the pop-up menu.
If you have selected a nonstandard service port, enter the source port number.
10 Enter the Destination IP address range you want to filter.
If you want it to apply to any address, choose Any from the pop-up menu.
If you have selected a nonstandard service port, enter the source port number.
11 Choose which network interface this filter applies to.
12 Click OK.
13 Click Save to apply the filter immediately.
Creating an Advanced IP Filter for UDP Ports
You can use the Advanced Settings pane to configure very specific filters for UDP
ports. Many services use User Datagram Protocol (UDP) to communicate with the
server. By default, all UDP connections are allowed. You should apply filters to UDP
ports sparingly, if at all, because “deny” filters could create severe congestion in your
server traffic.
If you filter UDP ports, don’t select the “Log all allowed packets” option in the filter
configuration windows in Server Admin. Since UDP is a “connectionless” protocol, every
packet to a UDP port will be logged if you select this option.
You should also allow UDP port access for specific services, including:
• DNS
• DHCP
• SLP
• Windows Name Service browsing
LL2351.Book Page 52 Monday, September 8, 2003 2:47 PM