Lancom Systems LCOS 3.50 User Manual

Page 150

LANCOM Reference Manual LCOS 3.50

Chapter 8: Firewall

Further measures

If the "Close port" action is executed, an entry is made in a block list, and
all packets sent to the respective computer and port are rejected. A timeout
in seconds, minutes or hours can be given for the "Close port" object; it is
inserted directly after the object ID. This time value consists of the
designator of the time unit (h, m, s for hour, minute and second) followed by
the actual time. For example, %pm10 closes a port for 10 minutes. If no time
unit is provided, minutes are assumed (so %p10 is equivalent to %pm10).

If the "Deny host" action is executed, the sender of the packet is registered
in a block list. From this moment on, all packets received from the blocked
sender are rejected. The "Deny host" object can also be given a timeout, which
is formed in the same way as for the "Close port" option.

If you want to limit e.g. the permissible data rate for a connection to 8 kbps
and to lock out the aggressor committing a flooding attempt, and furthermore

| Measure       | Description                                                                                  | Object ID |
|---------------|----------------------------------------------------------------------------------------------|-----------|
| Syslog        | Gives a detailed notification via SYSLOG.                                                    | %s        |
| Mail          | Sends an email to the administrator.                                                         | %m        |
| SNMP          | Sends an SNMP trap.                                                                          | %n        |
| Close port    | Closes the destination port for a given time.                                                | %p        |
| Deny host     | Locks out the sender address for a given time.                                               | %h        |
| Disconnect    | Disconnects the connection to the remote site from which the packet was received or sent.   | %t        |
| Zero limit    | Resets the limit counter to 0 when the trigger threshold is exceeded.                        | %z        |
| Fragmentation | Forces fragmentation of all packets that do not match the rule.                              | %f        |
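
The object syntax described above can be checked mechanically when reviewing a firewall rule. The following Python parser is an added example, not code from the LANCOM manual or from LCOS: it decodes a single measure object such as %pm10 into the measure name and a timeout in seconds. It assumes that only "Close port" and "Deny host" accept a timeout, since those are the two objects for which this page describes one, and it reports "no timeout given" rather than guessing a default duration.

```python
import re
from typing import NamedTuple, Optional

# Object IDs from the "Further measures" table on this page.
MEASURES = {
    "s": "Syslog", "m": "Mail", "n": "SNMP", "p": "Close port",
    "h": "Deny host", "t": "Disconnect", "z": "Zero limit",
    "f": "Fragmentation",
}
# Assumption: only the two objects the page describes a timeout for take one.
TIMED = {"p", "h"}
UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}

# "%" + object ID + optional time unit + optional time value, nothing else.
_OBJECT = re.compile(r"%([a-z])([hms]?)([0-9]*)\Z")


class Measure(NamedTuple):
    name: str
    timeout_seconds: Optional[int]  # None: the object carries no timeout


def parse_measure(obj: str) -> Measure:
    """Decode one measure object, e.g. '%pm10' -> ('Close port', 600)."""
    match = _OBJECT.match(obj)
    if not match or match.group(1) not in MEASURES:
        raise ValueError(f"unknown measure object: {obj!r}")
    ident, unit, value = match.groups()
    if not unit and not value:
        return Measure(MEASURES[ident], None)
    if ident not in TIMED:
        raise ValueError(f"{MEASURES[ident]} does not take a timeout: {obj!r}")
    if not value:
        raise ValueError(f"time unit without a time value: {obj!r}")
    # A missing unit means minutes, so %p10 equals %pm10.
    return Measure(MEASURES[ident], int(value) * UNIT_SECONDS[unit or "m"])


if __name__ == "__main__":
    # Constructed sample objects, including malformed ones.
    for sample in ["%pm10", "%p10", "%hh2", "%hs30", "%h", "%s", "%sm5", "%pm"]:
        try:
            print(sample, "->", parse_measure(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

Note that in "%hh2" the first h is the "Deny host" object ID and the second h is the hour unit, which is why the parser reads the ID before looking for a unit.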