Digi TransPort - Page 664

Firewall configuration
Digi TransPort User Guide 664
Filtering on port numbers
Suppose a Telnet server is running on a machine on IP address 10.1.2.63, and you want to make
this accessible. The filter from the previous example blocks all packets to 10.1.2.*. To make the
Telnet server available on 10.1.2.63, add the following line before the blocking rule:
pass break end from any to 10.1.2.63 port=23
A packet sent to the Telnet server (port 23) on IP address 10.1.2.63 matches this rule, and further
checking is prevented by the break end option.
The above example illustrates the = comparison. Other comparison methods supported are:

Symbol  Meaning
!=      not equal
>       greater than
<       less than
<=      less than or equal to
>=      greater than or equal to

You can also specify a port in range or a port out of range with the >< or <> symbols. For example,
to pass all packets to ports in the range 23 to 28, the rule is:
pass break end from any to 10.1.2.63 port 23><28
To simplify port references, some commonly used port numbers are associated with
predefined strings, listed in the table below. For example, in the example above, if we substitute
the number 23 with the string telnet, the rule would be:
pass break end from any to 10.1.2.63 port=telnet
Other port keywords that are defined are as follows. The service keywords are predefined based
on standard port numbers. These port numbers may have been defined differently on your
system, in which case you should use the port numbers explicitly, and not the defined names.

Keyword  Std. Port  Service
Ftpdat   20         File Transfer Protocol data port
Ftpcnt   21         File Transfer Protocol control port
telnet   23         Telnet server port
smtp     25         SMTP server port
http     80         Web server port
pop3     110        Mail server port
sntp     123        NTP server port
ike      500        Source/destination port for IKE key
xot      1998       Destination port for XOT packets
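
Added example (not from the Digi manual): a Python sketch that evaluates the port clause of a rule using the comparison symbols and keyword table on this page, and lists which keyworded services a rule admits. The function names, the `inclusive` switch and the requirement that the port clause ends the rule are assumptions of this sketch; the page does not say whether the bounds of >< and <> count as in range.

```python
import re

# Service keywords and standard ports from the table on this page (lower-cased).
KEYWORDS = {"ftpdat": 20, "ftpcnt": 21, "telnet": 23, "smtp": 25, "http": 80,
            "pop3": 110, "sntp": 123, "ike": 500, "xot": 1998}

# Trailing port clause: either "lo><hi" / "lo<>hi" or "<op>value".
# Two-character operators come first so "<=" is not read as "<".
PORT_CLAUSE = re.compile(
    r"\bport\s*(?:(?P<lo>\w+)\s*(?P<rng>><|<>)\s*(?P<hi>\w+)"
    r"|(?P<op>!=|<=|>=|=|<|>)\s*(?P<val>\w+))\s*$", re.IGNORECASE)


def resolve(token):
    """Return the integer port for a number or a service keyword."""
    if token.isdigit():
        return int(token)
    return KEYWORDS[token.lower()]  # KeyError on an unknown keyword


def port_matches(rule, port, inclusive=True):
    """True if `port` satisfies the port clause that ends `rule`.

    `inclusive` is an assumption of this sketch: the page does not say
    whether the bounds of >< and <> themselves count as in range.
    """
    m = PORT_CLAUSE.search(rule)
    if m is None:
        raise ValueError("no port clause at end of rule")
    if m["rng"]:
        lo, hi = resolve(m["lo"]), resolve(m["hi"])
        inside = lo <= port <= hi if inclusive else lo < port < hi
        return inside if m["rng"] == "><" else not inside
    val = resolve(m["val"])
    return {"=": port == val, "!=": port != val, "<": port < val,
            ">": port > val, "<=": port <= val, ">=": port >= val}[m["op"]]


def exposed_services(rule, inclusive=True):
    """Keywords from the page's table whose standard port the rule admits."""
    return sorted(k for k, p in KEYWORDS.items()
                  if port_matches(rule, p, inclusive))


if __name__ == "__main__":
    for r in ("pass break end from any to 10.1.2.63 port=telnet",
              "pass break end from any to 10.1.2.63 port 23><28"):
        print(r, "->", exposed_services(r), exposed_services(r, False))
```

Run against the range rule from this page, it shows that 23><28 admits the SMTP port (25) as well as Telnet, which is worth checking before widening a single-port rule into a range.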