AlterPath ACS Installation, Administration, and User’s Guide 17
• The view table of the “Firewall Configuration” form which contains a list
of chains.
• The chains which contain the rules that control filtering.
Chain
A chain is a named profile that includes one or more rules that define the
following:
• A set of characteristics to look for in a packet
• What to do with any packet that has all the defined characteristics
The ACS filter table contains a number of built-in chains. The ACS
administrator can define additional chains and can edit the built-in chains. The
built-in chains are referenced according to the type of packet they handle as
shown in the following list:
• INPUT - For incoming packets.
• FORWARD - For packets being routed through ACS.
• OUTPUT - For outgoing packets.
As defined in the rules for the default chains, all input packets, output
packets, and packets being forwarded are accepted.
Rule
Each chain can have one or more rules that define the following:
• The packet characteristics being filtered.
The packet is checked for the characteristics defined in the rule, for
example, a specific IP header, input and output interfaces, TCP flags, and
protocol.
• What to do when the packet matches the rule.
The packet can be handled according to a specified target policy such as
accepted, dropped, returned, logged, or rejected.
When a packet is filtered, its characteristics are compared against the rules
one by one. All characteristics defined in a rule must match for that rule to
apply. If no matching rule is found, the default action for that chain is
applied.
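The evaluation order described above can be modelled in a few lines. The following Python sketch is an added example, not ACS code: the `Rule` and `Chain` classes, the rule set, and the sample packets are constructed for illustration. It assumes that LOG records the packet and continues to the next rule, and that RETURN leaves the chain so the default action applies; the page does not state either behaviour.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    target: str                                  # ACCEPT, DROP, REJECT, RETURN or LOG
    match: dict = field(default_factory=dict)    # only the characteristics listed are checked

    def matches(self, pkt):
        # Every characteristic defined in the rule must match the packet.
        for key, want in self.match.items():
            if key == "src":
                if ip_address(pkt["src"]) not in ip_network(want):
                    return False
            elif pkt.get(key) != want:
                return False
        return True

@dataclass
class Chain:
    name: str
    policy: str = "ACCEPT"                       # default action; the page's default is accept
    rules: list = field(default_factory=list)

    def filter(self, pkt):
        """Compare pkt against the rules one by one; return (verdict, log_lines)."""
        log = []
        for number, rule in enumerate(self.rules, 1):
            if not rule.matches(pkt):
                continue
            if rule.target == "LOG":             # assumption: LOG records, then continues
                log.append(f"{self.name} rule {number}: {pkt['src']} -> port {pkt['dport']}")
                continue
            if rule.target == "RETURN":          # assumption: stop here, default action decides
                break
            return rule.target, log
        return self.policy, log                  # no rule gave a verdict

def build_input(policy):
    # Hypothetical rule set: SSH only from a constructed management subnet.
    return Chain("INPUT", policy, [
        Rule("ACCEPT", {"proto": "tcp", "dport": 22, "src": "192.0.2.0/24"}),
        Rule("LOG", {"proto": "tcp", "dport": 22}),
        Rule("DROP", {"proto": "tcp", "dport": 22}),
    ])

# Constructed sample packets (documentation address ranges).
SSH_ADMIN = {"proto": "tcp", "in_if": "eth0", "src": "192.0.2.10", "dport": 22}
SSH_OTHER = {"proto": "tcp", "in_if": "eth0", "src": "203.0.113.5", "dport": 22}
TELNET = {"proto": "tcp", "in_if": "eth0", "src": "203.0.113.5", "dport": 23}
```

With the default action left at accept, the `TELNET` packet matches no rule and is accepted; the same rule set with a default action of drop blocks it, which is why the default action matters as much as the rules themselves.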