Firewall                                   8.3 The BAT Firewall
BAT54-Rail/F.. Release 7.54 06/08          Page 272
You can only operate with host names when your BAT is able to translate the names into IP addresses. For that purpose the BAT must have learned the names via DHCP or NetBIOS, or the assignment must be entered statically in the DNS or IP routing table. An entry in the IP routing table can therefore assign a name to a whole network.
Note: If the source or the destination of a Firewall rule is not specified in greater detail, the rule applies generally to data packets “from all stations” or “to all stations”.
The service is determined by the combination of an IP protocol with the respective source and/or destination port. For frequently used services (www, mail, etc.) the appropriate combinations are already predefined in the BAT; additional combinations can be defined as required.
Condition
The scope of a Firewall rule can be narrowed further with additional conditions. The following conditions are available:
- Only packets with certain ToS and/or DiffServ markings.
- Only if the connection does not yet exist.
- Only for the default route (Internet).
- Only for VPN routes.
Limit / Trigger
The limit or trigger describes a quantified threshold value that must be exceeded on the defined connection before the filter action is executed for a data packet. A limit is composed of the following parameters:
- Unit (kbit, kbyte or packets)
- Amount, i.e. the data rate or the number of packets
- Reference value (per second, per minute, per hour or absolute)
1. MAC is the abbreviation for Media Access Control and is the crucial factor for communication inside a LAN. Every network device has its own MAC address. MAC addresses are unique worldwide, similar to serial numbers. MAC addresses allow distinguishing between the PCs in order to grant or withdraw dedicated rights at IP level. MAC addresses can be found on most networking devices in hexadecimal form (e.g. 00:A0:57:01:02:03).