Firewall configuration
Digi TransPort User Guide 659
[in-out]
The [in-out] field can be in or out and is used to specify whether the action applies to inbound
or outbound packets. When the field is left blank, the rule is applied to any packet irrespective
of its direction.
[options]
Used to define a number of options that may be applied to packets matching the rule. These
are:
log
When the log option is specified, the router places an entry in the FWLOG.TXT file each time it
processes a packet that matches the rule. This log normally details the rule that was matched
along with a summary of the packet contents.
• If the log option is followed by the body sub-option, the complete IP packet is entered into
the log file, so that a more detailed decode of the IP packet is shown when the log file is
displayed.
• The log field can also be followed by a further sub-option that specifies a different type of
log output. This may be snmp, syslog, or event. If snmp is specified, an SNMP trap
(containing similar information to the normal log entry) is generated when a packet
matches the rule. If syslog is specified, a syslog message is sent to the configured syslog
manager IP address. This message contains the same information as that entered into the
log file, but in a different format.
• If the body option has also been specified, some of the IP packet information is also
included.
• The size of the syslog message is limited to a maximum of 1024 bytes.
• The syslog message is sent with a default priority value of 14, which expands to a facility of
USER and a priority of INFO.
• If event is specified, the log output is copied to the EVENTLOG.TXT pseudo-file and the
FWLOG.TXT file.
• The event log entry contains the line number and hit count for the rule that caused the
packet to be logged.
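A collector-side check for the syslog sub-option described above, as an added example that is not part of the guide: it decodes the priority value (14 = facility USER, priority INFO) and flags datagrams that reach the 1024-byte limit, where part of the entry (for example body data) may have been cut off. The function names and sample payloads are assumptions; the text after the priority header is a placeholder, not the router's actual log format.

```python
import re

# Standard syslog facility and severity names, indexed by number.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MAX_LEN = 1024       # maximum syslog message size stated in the guide
EXPECTED_PRI = 14    # default priority value stated in the guide

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(pri):
    """Split a syslog priority value into (facility, severity) names."""
    facility, severity = divmod(pri, 8)   # priority = facility * 8 + severity
    name = FACILITIES[facility] if facility < len(FACILITIES) else f"facility{facility}"
    return name, SEVERITIES[severity]

def inspect_datagram(data):
    """Describe one received syslog datagram (bytes)."""
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:    # 191 = facility 23, severity 7
        return {"valid": False, "reason": "missing or malformed priority header"}
    pri = int(m.group(1))
    facility, severity = decode_pri(pri)
    return {
        "valid": True,
        "pri": pri,
        "facility": facility,
        "severity": severity,
        "default_pri": pri == EXPECTED_PRI,
        # A datagram at the size cap has probably lost the tail of its payload.
        "possibly_truncated": len(data) >= MAX_LEN,
        "text": data[m.end():].decode("ascii", errors="replace"),
    }

# Constructed sample payloads (placeholder text, not real router output).
SAMPLE_SHORT = b"<14>constructed firewall log entry"
SAMPLE_FULL = b"<14>" + b"A" * (MAX_LEN - 4)

if __name__ == "__main__":
    for sample in (SAMPLE_SHORT, SAMPLE_FULL, b"no header"):
        print(inspect_datagram(sample))
```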