Firewall
8.3 The BAT Firewall
BAT54-Rail/F.. Release 7.54 06/08 (page 270)
- Stations / Service: Which stations/networks and services/protocols does the rule refer to? (→ Page 271)
- Conditions: Is the effectiveness of the rule restricted by other conditions? (→ Page 272)
- Trigger: Which threshold must be exceeded for the rule to be triggered? (→ Page 272)
- Action: What should happen to the data packets when the condition applies and the limit is reached? (→ Page 273)
- Further measures: Should further measures be initiated in addition to the packet action? (→ Page 273)
- Quality of Service (QoS): Are data packets of certain applications, or packets with the corresponding markings, transferred preferentially by guaranteeing a particular Quality of Service? (→ Page 274)
Note: Condition, limit, packet action and other measures together form a so-called “action set”. Each Firewall rule can contain a number of action sets. If the same trigger is used for several action sets, the sequence of the action sets can be adjusted.
In section ‘How the BAT Firewall inspects data packets’ (→ page 259) we have already described that the lists for checking data packets are ultimately created from the Firewall rules. The extended block diagram thus looks as follows: