Cyclades PR1000 User Manual


Chapter 12 - Filters and Rules


Steps necessary to activate filtering on the exterior router in the example:

1 There are two interfaces with two directions each. Filtering on link 1 requires the creation of two rule lists, called exterior_in and exterior_out. Create them using the menu CONFIG =>RULES LIST =>IP =>ADD RULE LIST and the following parameters:

Rule List Type = Filter
Default Scope = Deny
Linked Rule List Name = None

2 Create the rules for each rule list in the order in which they should be evaluated. The order is important and mis-ordering the rules can cause unexpected results. This is done in the menu CONFIG =>RULES LIST =>IP =>CONFIGURE RULES. The parameters for rules 0 and 1 in the example are shown in Figure 12.4.

3 Link the rule lists to the respective interface parameters in the menu CONFIG =>INTERFACE => <INTERFACE> =>NETWORK PROTOCOL =>INCOMING/OUTGOING RULE LIST NAME. exterior_in should be set as the incoming rule list name and exterior_out should be set as the outgoing rule list name.

Exterior_in, rule 0, allows a remote computer to connect to the bastion host using the TCP protocol on its SMTP port. Exterior_out, rule 0, allows the Bastion Server to RESPOND to the connection started by the remote computer. To send e-mail out, two more rules would be needed. If all the router needs to do is receive e-mail, the configuration is done. If not, other “holes” must be created in the deny ball.
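The following Python model is an added example, not taken from the Cyclades manual: it applies first-match evaluation with Default Scope = Deny to the two rules described above. The addresses, the Rule fields and the ACK check on the reply rule are assumptions, since the actual rule parameters are in Figure 12.4.

```python
from dataclasses import dataclass
from typing import Optional

BASTION, REMOTE, SMTP = "192.0.2.10", "198.51.100.7", 25   # constructed sample values

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    ack: bool = False            # set on every TCP segment except the opening SYN

@dataclass(frozen=True)
class Rule:
    src: Optional[str] = None    # None matches any value
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    ack_only: bool = False       # assumption: a reply rule matches only ACK segments
    permit: bool = True

    def matches(self, p: Packet) -> bool:
        pairs = ((self.src, p.src), (self.dst, p.dst),
                 (self.sport, p.sport), (self.dport, p.dport))
        return (all(want is None or want == got for want, got in pairs)
                and (p.ack or not self.ack_only))

def evaluate(rules, packet, default_permit=False):
    """First matching rule decides; with no match, Default Scope = Deny applies."""
    for rule in rules:
        if rule.matches(packet):
            return rule.permit
    return default_permit

# Rule 0 of each list as the text describes it; the field values are assumptions.
exterior_in = [Rule(dst=BASTION, dport=SMTP)]
exterior_out = [Rule(src=BASTION, sport=SMTP, ack_only=True)]
# A broad deny placed ahead of the permit shadows it: the ordering problem in step 2.
misordered = [Rule(dst=BASTION, permit=False)] + exterior_in

syn_in = Packet(REMOTE, BASTION, 40000, SMTP)                # remote host opens SMTP
reply_out = Packet(BASTION, REMOTE, SMTP, 40000, ack=True)   # bastion responds
mail_out = Packet(BASTION, REMOTE, 40001, SMTP)              # bastion sends mail out

if __name__ == "__main__":
    for name, rules, pkt in (("SMTP in", exterior_in, syn_in), ("reply out", exterior_out, reply_out),
                             ("mail out", exterior_out, mail_out), ("misordered", misordered, syn_in)):
        print(f"{name:10s} {'PERMIT' if evaluate(rules, pkt) else 'DENY'}")
```

The denied mail_out packet is the case for which the text says two more rules would be needed.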

The configuration for “Let e-mail in” is shown in the following figure (obtained by selecting CONFIG =>RULES LIST =>IP =>L in the menus):
