Lancom Systems LCOS 3.50 User Manual

LANCOM Reference Manual LCOS 3.50

̈

Chapter 8: Firewall

148

Fi

rew

a

ll

̈

Conditions

If no further actions are specified in a “connect” or “Internet” filter, then
implicitly a combination of these filters with the “reject” action is
assumed.

̈

Limits/Trigger
Each Firewall action can be tied together with a limit, whose excess leads
to the triggering of the action. Also, several limits for a filter thereby can
build action chains.

Limit objects are generally introduced by %L, followed by:

୴

Reference: per connection (c) or globally (g)

୴

Kind: Data rate (d), number of packets (p) or packet rate (b)

୴

Value of the limit

୴

Further parameters (e. g. period and quantity)

The following limitations are available:

Condition

Description

Object
ID

Connect filter

The filter is active when no physical connection to the
packet destination exists.

@c

DiffServ filter

The filter is active when the packet contains the indicated
Differentiated Services Code Point (DSCP) (’Evaluating
ToS and DiffServ fields’

→

page 183.

@d (plus
DSCP)

Internet filter

The filter is active when the packet is received or will be
transmitted via default route.

@i

VPN filter

The filter is active when the packet is received or will be
transmitted via VPN connection.

@v

Limit

Description

Object
ID

Data (abs)

Absolute number of kilobytes on the connection after
which the action is executed.

%lcd

Data (rel)

Number of kilobytes/second, minute, hour on the con-
nection after which the action is executed.

%lcds
%lcdm
%lcdh

Packet (abs)

Absolute number of packets on the connection after
which the action is executed.

%lcp