Lancom Systems LCOS 3.50 User Manual

̈

Chapter 8: Firewall

LANCOM Reference Manual LCOS 3.50

147

Fi

rew

a

ll

Stations and services can be described according to the following rules in the
object table:

Equal identifier can generate comma-separated lists as for example host lists/
address lists (%A10.0.0.1, 10.0.0.2), or hyphen-separated ranges like port
ranges (%S20-25). The occurrence of a "0" or an empty string represents the
’any’ object.

When configuring via console (Telnet or terminal program), the com-
bined parameters (port, destination, source) must be embraced with
inverted commas (character ").

Action table

As described above, a Firewall action consists of condition, limit, packet
action and further measures. In the action table Firewall actions are composed
as any combination of the following elements:

Description

Object ID

Examples and notes

Local network

%L

Remote stations

%H

Name must be in DSL /ISDN /PPTP or
VPN name list

Host name

%D

Note advice for host names (

→

page 129)

MAC address

%E

00:A0:57:01:02:03

IP address

%A

%A10.0.0.1, 10.0.0.2;
%A0 (all addresses)

Netmask

%M

%M255.255.255.0

Protocol (TCP/UDP/ICMP etc.)

%P

%P6 (for TCP)

Service (port)

%S

%S20-25 (for ports 20 to 25)