Creating Firewall Rules

Firewall rules determine whether to accept or discard traffic to/from the PXE, based on the IP address of the host sending or receiving the traffic. When creating firewall rules, keep these principles in mind:

  1. Choose Device Settings > Security > IP Access Control. The Configure IP Access Control Settings dialog appears.
  2. Click the IPv4 tab for creating IPv4 firewall rules, or click the IPv6 tab for creating IPv6 firewall rules.
  3. Ensure the Enable IPv4 Access Control checkbox is selected on the IPv4 tab, or the Enable IPv6 Access Control checkbox is selected on the IPv6 tab.
  4. To set rules for inbound traffic, go to the Inbound Rules section. To set rules for outbound traffic, go to the Outbound Rules section.
  5. Create specific rules. See the table for different operations.

    Action: Add a rule to the end of the rules list

    Procedure:

    • Click Append. The "Append new Rule" dialog appears.
    • Type an IP address and subnet mask in the IP/Mask field.
    • Select Accept, Drop or Reject from the drop-down list in the Policy field.
      • Accept: Accepts traffic from/to the specified IP address(es).
      • Drop: Discards traffic from/to the specified IP address(es), without sending any failure notification to the source or destination host.
      • Reject: Discards traffic from/to the specified IP address(es), and an ICMP message is sent to the source or destination host for failure notification.
    • Click OK.

      The system automatically numbers the rule.

    Action: Insert a rule between two existing rules

    Procedure:

    • Select the rule above which you want to insert a new rule. For example, to insert a rule between rules #3 and #4, select #4.
    • Click Insert. The "Insert new Rule" dialog appears.
    • Type an IP address and subnet mask in the IP/Mask field.
    • Select Accept, Drop or Reject from the drop-down list in the Policy field.
      • Accept: Accepts traffic from/to the specified IP address(es).
      • Drop: Discards traffic from/to the specified IP address(es), without sending any failure notification to the source or destination host.
      • Reject: Discards traffic from/to the specified IP address(es), and an ICMP message is sent to the source or destination host for failure notification.
    • Click OK.

      The system inserts the rule and automatically renumbers the following rules.

  6. When finished, the rules appear in the Configure IP Access Control Settings dialog.

    Figure: IP Access Control dialog

  7. Click OK. The rules are applied.
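
The following Python model is an added example, not part of the product or its documentation. It shows why the choice between Append and Insert matters when a broad Drop rule and a narrower Accept rule overlap. It assumes rules are evaluated in numerical order with the first match deciding, and that a default policy applies when nothing matches; neither is stated on this page. The class name, method names and addresses are constructed for illustration.

```python
import ipaddress

class RuleList:
    """Hypothetical model of one rule list (inbound or outbound)."""
    def __init__(self, default_policy="Accept"):  # default policy is an assumption
        self.default_policy = default_policy
        self.rules = []  # (network, policy); rule number = index + 1

    @staticmethod
    def _parse(ip_mask, policy):
        if policy not in ("Accept", "Drop", "Reject"):
            raise ValueError(f"unknown policy: {policy}")
        # strict=False accepts a host address with a mask, e.g. 192.168.50.20/24
        return ipaddress.ip_network(ip_mask, strict=False), policy

    def append(self, ip_mask, policy):
        # Append: the rule goes to the end of the list and is numbered automatically
        self.rules.append(self._parse(ip_mask, policy))
        return len(self.rules)

    def insert(self, selected_number, ip_mask, policy):
        # Insert: the rule lands above the selected rule; following rules renumber
        if not 1 <= selected_number <= len(self.rules):
            raise IndexError("select an existing rule number")
        self.rules.insert(selected_number - 1, self._parse(ip_mask, policy))
        return selected_number

    def numbered(self):
        return [(n, str(net), pol) for n, (net, pol) in enumerate(self.rules, 1)]

    def evaluate(self, host):
        # Assumed semantics: check rules in numerical order, first match decides
        addr = ipaddress.ip_address(host)
        for n, (net, pol) in enumerate(self.rules, 1):
            if addr.version == net.version and addr in net:
                return n, pol
        return None, self.default_policy

def demo():
    # Constructed addresses: a management host inside a subnet that is dropped
    acl = RuleList()
    acl.append("10.0.0.0/8", "Accept")           # rule #1
    acl.append("192.168.50.0/24", "Drop")        # rule #2
    acl.append("192.168.50.20/32", "Accept")     # rule #3, shadowed by rule #2
    before = acl.evaluate("192.168.50.20")       # matched by #2 first
    del acl.rules[2]                             # remove the shadowed rule
    acl.insert(2, "192.168.50.20/32", "Accept")  # select #2, insert above it
    after = acl.evaluate("192.168.50.20")        # new #2 now matches first
    return before, after, acl.numbered()
```

Under these assumptions, an Accept rule appended below a broader Drop rule never takes effect, while inserting it above the Drop rule does.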

See Also

Configuring the Firewall

Enabling the Firewall

Changing the Default Policy

Editing Firewall Rules

Sorting Firewall Rules

Deleting Firewall Rules