Section 31.1.2.2 – Westermo RedFox Series User Manual
Page 689
Westermo OS Management Guide
Version 4.17.0-0
settings (see
) for the rule:
❼ Apply rule to forwarding filter: If ”outbound interface” and/or ”destination
IP Address/subnet” are specified in the filter rule, it will apply to the ”For-
warding Filter” chain.
❼ Apply rule to input filter: If neither ”outbound interface” nor ”destination
IP Address/subnet” are specified, the filter rule will apply to the ”Input Filter”
chain.
WeOS does not support adding filter rules for the ”Output Filter” chain.
Associated with each filtering chain there is a default policy, defining what to do
with packets that do not match any of the defined filter rules. When the firewall
is enabled, the default policies for packet filtering are as follows:
❼ Input Filtering: Deny, i.e., packets to the switch are dropped unless they are
explicitly allowed.
❼ Forward Filtering: Deny, i.e., when enabling the firewall no packets will be
routed by the switch until such packet filter rules are defined.
❼ Output Filtering: Accept, i.e., there are no restrictions on the traffic origi-
nating from the switch.
31.1.2.2
Filter Rules Packet Matching
Packet filtering allow and deny rules can be specified to match IP packets based
on the following filtering parameters:
❼ Inbound Interface: The interface where the packet comes in.
❼ Outbound Interface: The interface where the packet is sent out.
❼ Source IP Address/Subnet: The source IP address of the packet. This can be
specified as a single IP address, or the rule could match a whole IP subnet.
❼ Destination IP Address/Subnet: The destination IP address of the packet.
This can be specified as a single IP address, or the rule could match a whole
IP subnet.
❼ Protocol: The protocol type of the IP payload. Typically TCP or UDP, but the
filtering can also be made to match other protocols such as ICMP and ESP
2
See
for a list of defined IP protocols.
➞ 2015 Westermo Teleindustri AB
689