After enabling the firewall, the default policy is to accept traffic from/to all IP addresses. This means only IP addresses discarded by a specific rule will NOT be permitted to access the PXE or receive any data from the PXE.
You can change the default policy to Drop or Reject, in which case traffic to/from all IP addresses is discarded except the IP addresses accepted by a specific rule.
Default policies for inbound and outbound traffic can be different.
To change the default policy for inbound traffic:
Choose Device Settings > Security > IP Access Control. The Configure IP Access Control Settings dialog appears.
To determine the default policy for IPv4 addresses:
Click the IPv4 tab if necessary.
Ensure the Enable IPv4 Access Control checkbox is selected.
Locate the Default Policy field in the Inbound Rules section.
The default policy is shown in the Default Policy field. To change it, select a different policy from the drop-down list.
Accept: Accepts traffic from all IPv4 addresses.
Drop: Discards traffic from all IPv4 addresses, without sending any failure notification to the source host.
Reject: Discards traffic from all IPv4 addresses, and an ICMP message is sent to the source host for failure notification.
To determine the default policy for IPv6 addresses:
Click the IPv6 tab.
Ensure the Enable IPv6 Access Control checkbox is selected.
Locate the Default Policy field in the Inbound Rules section.
The default policy is shown in the Default Policy field. To change it, select a different policy from the drop-down list.
Accept: Accepts traffic from all IPv6 addresses.
Drop: Discards traffic from all IPv6 addresses, without sending any failure notification to the source host.
Reject: Discards traffic from all IPv6 addresses, and an ICMP message is sent to the source host for failure notification.
Click OK. The new default policy is applied.
To change the default policy for outbound traffic:
Locate the Outbound Rules section on the IPv4 or IPv6 tab and then follow the above procedure to set up its Default Policy field by selecting one of the following options.
Accept: Permits traffic sent from the PXE to all IP addresses.
Drop: Discards traffic sent from the PXE to all IP addresses, without sending any failure notification to the destination host.
Reject: Discards traffic sent from the PXE to all IP addresses, and an ICMP message is sent to the destination host for failure notification.