
Hirschmann BAT54-Rail - Page 291

Hirschmann BAT54-Rail
548 pages
Firewall: 8.3 The BAT Firewall
BAT54-Rail/F.., Release 7.54, 06/08, page 291

Any combination of these elements is possible. Furthermore, objects can be defined hierarchically: one can first define objects for the TCP and UDP protocols, then objects for e.g. FTP (= TCP + ports 20 and 21), HTTP (= TCP + port 80) and DNS (= TCP, UDP + port 53). All of these single objects can subsequently be assembled into a new object that contains all of the previously defined single objects.

Stations and services can be described in the object table according to the following rules:

Values with the same identifier can be combined into comma-separated lists, for example host lists/address lists (%A10.0.0.1, 10.0.0.2), or into hyphen-separated ranges such as port ranges (%S20-25). A "0" or an empty string represents the 'any' object.

Note: When configuring via the console (Telnet or terminal program), the combined parameters (port, destination, source) must be enclosed in quotation marks (character ").

Description                    Object ID   Examples and notes
Local network                  %L
Remote stations                %H          Name must be in DSL / ISDN / PPTP or VPN remote site list
Host name                      %D          See the notes on host names (page 272)
MAC address                    %E          00:A0:57:01:02:03
IP address                     %A          %A10.0.0.1, 10.0.0.2; %A0 (all addresses)
Netmask                        %M          %M255.255.255.0
Protocol (TCP/UDP/ICMP etc.)   %P          %P6 (for TCP)
Service (port)                 %S          %S20-25 (for ports 20 to 25)
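
The following Python sketch is an added example, not code from the manual or the device firmware. It parses an object description using the identifiers from the table above, for instance to review rule definitions offline before entering them on the console. It assumes that each element starts with "%" plus one identifier letter and runs up to the next "%", and that %L takes no value; the function names are hypothetical.

```python
# Identifier letters from the manual's object table.
OBJECT_IDS = {"L": "local network", "H": "remote station", "D": "host name",
              "E": "MAC address", "A": "IP address", "M": "netmask",
              "P": "protocol", "S": "service (port)"}
ANY = "any"


def _port_range(text):
    """Turn '80' or '20-25' into an inclusive (low, high) tuple."""
    low, _, high = text.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port range: {text!r}")
    return (low, high)


def parse_objects(spec):
    """Parse e.g. '%A10.0.0.1, 10.0.0.2 %P6 %S20-25' into (id, values) pairs.

    Assumption (not stated on the page): each element starts with '%' plus one
    identifier letter and runs up to the next '%'.
    """
    spec = spec.strip().strip('"')  # console input is enclosed in quotation marks
    if spec and not spec.startswith("%"):
        raise ValueError("expected an element starting with '%'")
    parsed = []
    for chunk in spec.split("%")[1:]:
        ident, body = chunk[:1], chunk[1:].strip().rstrip(",").strip()
        if ident not in OBJECT_IDS:
            raise ValueError(f"unknown object identifier: %{ident}")
        if ident == "L":            # assumption: %L takes no value (none in the table)
            values = []
        elif body in ("", "0"):     # "0" or empty string is the 'any' object
            values = ANY
        else:
            items = [item.strip() for item in body.split(",")]
            # Hyphens mean ranges only for ports; host names may contain '-'.
            values = [_port_range(i) for i in items] if ident == "S" else items
        parsed.append((ident, values))
    return parsed


if __name__ == "__main__":
    # Constructed sample built from the examples in the table above.
    for element in parse_objects('"%A10.0.0.1, 10.0.0.2 %P6 %S20-25, 80"'):
        print(element)
```

A reversed range such as %S25-20 or an identifier that is not in the table raises ValueError, so a mistyped element is caught before the definition is used.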
