EasyManua.ls Logo

Hirschmann BAT54-Rail - Page 293

Hirschmann BAT54-Rail
548 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Firewall
BAT54-Rail/F..
Release
7.54
06/08
8.3
The BAT Firewall
293
Note: If an action is given without any associated limit, then implicitly a pack-
et limit is assumed that is immediately exceeded with the first packet.
D Packet action
These packet actions can be combined arbitrarily. If you choose absurd
or ambiguous actions (e. g.: Accept + Drop), then the more secured
action will be taken (here: “Drop”).
D Further measures
Global data
(rel)
Number of kilobytes/second, minute or hour received from the destination station
or sent to it, after which the action is executed.
%lgds
%lgdm
%lgdh
Global
packet (abs)
Absolute number of packets received from the destination station or sent to it,
after which the action is executed.
%lgp
Global
packet (rel)
Number of packets/second, minute or hour received from the destination station
or sent to it, after which the action is executed.
%lgps
%lgpm
%lgph
Receive
option
Limit restriction to the direction of reception (this affects in the context with above
limitations). In the ID object column, examples are indicated.
%lgdsr
%lcdsr
Transmit
option
Limit restriction to the sending direction (this affects in the context with above lim-
itations). In the ID object column, examples are indicated.
%lgdst
%lcdst
Packet action Description Object ID
Accept The packet will be accepted. %a
Reject The packet will be rejected with the corresponding error message. %r
Drop The packet will be discarded silently. %d
Measure Description Object ID
Syslog Gives a detailed notification via SYSLOG. %s
Mail Sends an email to the administrator. %m
SNMP Sends a SNMP trap. %n
Close port Closes the destination port for a given time. %p
Deny host Locks out the sender address for a given time. %h
Disconnect Disconnects the connection to the remote site from which the packet
was received or sent.
%t
Zero limit Resets the limit counter to 0 again upon exceeding of the trigger thresh-
old.
%z
Fragmentation Forces a fragmentation of all packets not matching to the rule. %f
Limit Description Object ID

Table of Contents

Related product manuals