
Configuring mac firewall rules – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


Brocade Mobility RFS Controller System Reference Guide, 53-1003099-01, chapter 10, page 575

8. Refer to the TCP Protocol Checks field to set the following parameters (the parameter table for this step appears after the Configuring MAC Firewall Rules section on this page):

9. Select OK to update the Firewall Policy Advanced Settings. Select Reset to revert to the last saved configuration.

Configuring MAC Firewall Rules

Wireless Firewall

Use MAC based firewalls like Access Control Lists (ACLs) to filter/mark packets based on the IP
from which they arrive, as opposed to filtering packets on Layer 2 ports.

Optionally filter Layer 2 traffic on a physical Layer 2 interface using MAC addresses. A MAC firewall
rule uses source and destination MAC addresses for matching operations, where the result is a
typical allow, deny or mark designation to packet traffic.

NOTE

Once defined, a set of MAC firewall rules must be applied to an interface to be a functional filtering tool.
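The following is an added illustration, not Brocade code and not the controller's configuration syntax, of the matching semantics described above: an ordered list of rules keyed on source and destination MAC, each resolving to allow, deny or mark, and a policy that filters nothing until it is bound to an interface (the NOTE). Policy and interface names (`guest-l2`, `ge1`, `ge2`), the MAC addresses, the `mark_value` field, first-match-wins ordering and the fall-through action when no rule matches are all assumptions made for the example; the page does not specify them.

```python
# Added illustration (not Brocade code) of MAC firewall rule evaluation.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def norm_mac(mac: str) -> str:
    """Canonicalise a MAC to lower-case colon form; reject anything that is not 6 hex octets."""
    m = mac.strip().lower().replace("-", ":")
    if not re.fullmatch(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", m):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return m


@dataclass
class MacRule:
    action: str                        # "allow", "deny" or "mark", as named on the page
    src: Optional[str] = None          # None matches any source MAC
    dst: Optional[str] = None          # None matches any destination MAC
    mark_value: Optional[int] = None   # hypothetical: value attached by a "mark" rule

    def __post_init__(self) -> None:
        if self.action not in ("allow", "deny", "mark"):
            raise ValueError(f"unknown action {self.action!r}")
        self.src = norm_mac(self.src) if self.src else None
        self.dst = norm_mac(self.dst) if self.dst else None

    def matches(self, src_mac: str, dst_mac: str) -> bool:
        return (self.src is None or self.src == src_mac) and \
               (self.dst is None or self.dst == dst_mac)


Verdict = Tuple[str, Optional[int]]   # (action, mark value or None)


class MacFirewall:
    def __init__(self, no_match_action: str = "deny") -> None:
        # Assumption: the page does not say what happens when no rule matches,
        # so the fall-through action is an explicit parameter here.
        self.no_match_action = no_match_action
        self.policies: Dict[str, List[MacRule]] = {}
        self.bindings: Dict[str, str] = {}   # interface name -> policy name

    def add_rule(self, policy: str, rule: MacRule) -> None:
        self.policies.setdefault(policy, []).append(rule)

    def apply(self, interface: str, policy: str) -> None:
        """Bind a policy to an interface; only bound policies filter anything."""
        if policy not in self.policies:
            raise KeyError(f"no such policy {policy!r}")
        self.bindings[interface] = policy

    def evaluate(self, interface: str, src_mac: str, dst_mac: str) -> Verdict:
        src, dst = norm_mac(src_mac), norm_mac(dst_mac)
        policy = self.bindings.get(interface)
        if policy is None:
            # No policy applied on this interface: the rule set is not a
            # functional filter, so traffic passes untouched.
            return ("allow", None)
        for rule in self.policies[policy]:   # assumption: first match wins
            if rule.matches(src, dst):
                return (rule.action, rule.mark_value if rule.action == "mark" else None)
        return (self.no_match_action, None)


def build_example_firewall() -> MacFirewall:
    """Constructed sample: one policy bound to ge1, nothing bound to ge2."""
    fw = MacFirewall()
    fw.add_rule("guest-l2", MacRule("deny", src="00:11:22:33:44:55"))                  # constructed blocked client
    fw.add_rule("guest-l2", MacRule("mark", dst="00-AA-BB-CC-DD-EE", mark_value=5))    # constructed mark target
    fw.add_rule("guest-l2", MacRule("allow"))                                          # explicit allow-any tail
    fw.apply("ge1", "guest-l2")
    return fw


if __name__ == "__main__":
    fw = build_example_firewall()
    for iface, s, d in [("ge1", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"),
                        ("ge1", "00:11:22:33:44:56", "00:aa:bb:cc:dd:ee"),
                        ("ge2", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff")]:
        print(iface, s, "->", d, fw.evaluate(iface, s, d))
```

The `ge2` case is the one the NOTE warns about: the same client that is denied on `ge1` passes on `ge2` because no policy has been applied there, so a rule set that exists but is unbound gives no protection.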

To add or edit a MAC based Firewall Rule policy:

TCP Protocol Checks (parameters referenced in step 8)

Stateless FIN/RESET Flow

Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or Hours (1 - 9). The default
setting is 10 seconds.

ICMP

Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or Hours (1 - 9). The default
setting is 30 seconds.

UDP

Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or Hours (1 - 9). The default
setting is 90 seconds.

Any Other Flow

Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or Hours (1 - 9). The default
setting is 5 seconds.

Check TCP states where a SYN packet tears down the flow

Select the check box to allow a SYN packet to delete an old flow in TCP_FIN_FIN_STATE and
TCP_CLOSED_STATE and create a new flow. The default setting is enabled.

Check unnecessary resends of TCP packets

Select the check box to enable the checking of unnecessary resends of TCP packets. The default setting
is enabled.

Check Sequence Number in ICMP Unreachable error packets

Select the check box to enable sequence number checks in ICMP unreachable error packets when an
established TCP flow is aborted. The default setting is enabled.

Check Acknowledgment Number in RST packets

Select the check box to enable the checking of the acknowledgment number in RST packets which aborts
a TCP flow in the SYN state. The default setting is enabled.

Check Sequence Number in RST packets

Select the check box to check the sequence number in RST packets which abort an established TCP flow.
The default setting is enabled.
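The following is an added illustration, not Brocade code, of two things in the table above: the unit ranges and default idle timeouts for the flow classes, and the effect of the "Check TCP states where a SYN packet tears down the flow" setting. Only the state names TCP_FIN_FIN_STATE and TCP_CLOSED_STATE, the timeout ranges and the defaults come from the page; the flow key layout, the TCP_ESTABLISHED_STATE name, the result strings, the choice to time out FIN/RESET-state TCP flows with the Stateless FIN/RESET timer, and the decision not to expire established TCP flows are assumptions made for the example.

```python
# Added illustration (not Brocade code) of the flow timeouts and the SYN-teardown check.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Default idle timeouts in seconds, as listed on the page.
DEFAULT_TIMEOUTS = {"stateless_fin_reset": 10, "icmp": 30, "udp": 90, "other": 5}

# Accepted range per unit (low, high, seconds per unit), as listed on the page.
UNIT_LIMITS = {"seconds": (1, 32400, 1), "minutes": (1, 540, 60), "hours": (1, 9, 3600)}


def timeout_seconds(value: int, unit: str) -> int:
    """Validate a configured timeout against the page's ranges and convert it to seconds."""
    low, high, per_unit = UNIT_LIMITS[unit]
    if not low <= value <= high:
        raise ValueError(f"{unit} must be {low}-{high}, got {value}")
    return value * per_unit


# Flow states: the first two are named on the page, the third is an assumed name.
TCP_FIN_FIN_STATE = "TCP_FIN_FIN_STATE"
TCP_CLOSED_STATE = "TCP_CLOSED_STATE"
TCP_ESTABLISHED_STATE = "TCP_ESTABLISHED_STATE"
TEARDOWN_STATES = {TCP_FIN_FIN_STATE, TCP_CLOSED_STATE}

FlowKey = Tuple[str, str, int, str, int]   # (proto, src, sport, dst, dport) -- assumed layout


@dataclass
class Flow:
    state: Optional[str]   # TCP state, None for non-TCP flows
    last_seen: float       # seconds; the caller supplies the clock


class FlowTable:
    def __init__(self, syn_tears_down_flow: bool = True,
                 timeouts: Optional[Dict[str, int]] = None) -> None:
        self.syn_tears_down_flow = syn_tears_down_flow   # the check box on the page (default enabled)
        self.timeouts = dict(DEFAULT_TIMEOUTS, **(timeouts or {}))
        self.flows: Dict[FlowKey, Flow] = {}

    def _timeout_for(self, key: FlowKey, flow: Flow) -> Optional[int]:
        """Idle timeout class for a flow. Assumption: TCP flows in a FIN/RESET state use the
        Stateless FIN/RESET timer; established TCP flows are not expired by this model."""
        proto = key[0]
        if proto == "tcp":
            return self.timeouts["stateless_fin_reset"] if flow.state in TEARDOWN_STATES else None
        if proto in ("icmp", "udp"):
            return self.timeouts[proto]
        return self.timeouts["other"]

    def expire(self, now: float) -> int:
        """Drop flows idle longer than their timeout; return how many were removed."""
        stale = [k for k, f in self.flows.items()
                 if (t := self._timeout_for(k, f)) is not None and now - f.last_seen > t]
        for k in stale:
            del self.flows[k]
        return len(stale)

    def see(self, key: FlowKey, now: float) -> None:
        """Create or refresh a non-TCP flow (ICMP, UDP, other)."""
        self.expire(now)
        self.flows[key] = Flow(None, now)

    def close(self, key: FlowKey, now: float) -> None:
        """Both sides have sent FIN: the flow moves to TCP_FIN_FIN_STATE."""
        self.flows[key].state = TCP_FIN_FIN_STATE
        self.flows[key].last_seen = now

    def tcp_syn(self, key: FlowKey, now: float) -> str:
        """Apply the 'SYN tears down the flow' check to an arriving SYN."""
        self.expire(now)
        old = self.flows.get(key)
        if old is None:
            self.flows[key] = Flow(TCP_ESTABLISHED_STATE, now)   # simplification: no handshake tracking
            return "created"
        if old.state in TEARDOWN_STATES:
            if self.syn_tears_down_flow:
                self.flows[key] = Flow(TCP_ESTABLISHED_STATE, now)   # old flow deleted, new flow created
                return "replaced"
            return "blocked"   # check disabled: old flow lingers until its timer expires
        old.last_seen = now
        return "retained"      # SYN on a live flow; the other checks apply, not modelled here


if __name__ == "__main__":
    key: FlowKey = ("tcp", "10.0.0.5", 40000, "10.0.0.9", 443)   # constructed
    for enabled in (True, False):
        ft = FlowTable(syn_tears_down_flow=enabled)
        ft.tcp_syn(key, 0.0)
        ft.close(key, 1.0)
        print("check enabled" if enabled else "check disabled", "-> SYN at t=2s:", ft.tcp_syn(key, 2.0))
```

With the check disabled, a client that reuses the same four-tuple right after closing a connection is held off for up to the Stateless FIN/RESET timeout (10 seconds by default) before its new SYN is admitted; with the check enabled, the stale flow is dropped immediately and the new one created. Shortening the timeout limits how long half-dead flows occupy the table, which is the trade-off the timeout fields expose.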