Use Firewall Rules to order your firewall rules. The Network IPS appliance reads the list from top to bottom, in the order the rules are listed, and applies the configured actions. When a connection matches a firewall rule, firewall processing for that connection stops, and the appliance ignores any rules listed after the matching one.
Example
Use the following statements to stop all connections to a network segment except those connections destined for a specific port on a specific host:

- adapter any ip src addr any dst addr 1.2.3.4 tcp dst port 80 (Action = "ignore")
- adapter any ip src addr any dst addr 1.2.3.1-1.2.3.255 (Action = "drop")
The first rule lets all traffic to TCP port 80 on host 1.2.3.4 reach the web server as legitimate traffic. All other traffic to that network segment matches the second rule and is dropped. If you reverse the rule order, the drop rule matches every connection to the segment first, so all traffic to the segment is dropped, including the traffic to the web server on 1.2.3.4, and the port 80 rule never takes effect.
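As an added illustration (not code from the Network IPS documentation or product), the following Python script models the top-to-bottom, first-match evaluation described above, parses the two example statements, and shows what reversing them does; it also flags any rule that an earlier rule completely shadows. The parsed subset of the rule syntax, and the treatment of a connection that matches no rule at all, are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    lo: int                # first destination address matched (as an integer)
    hi: int                # last destination address matched, inclusive
    proto: Optional[str]   # "tcp"/"udp"; None matches any IP protocol
    port: Optional[int]    # destination port; None matches any port
    action: str            # "ignore" (let the connection through) or "drop"

def parse_rule(statement: str, action: str) -> Rule:
    """Parse the subset of rule syntax used on this page (assumed grammar):
    'adapter any ip src addr any dst addr <addr|first-last> [tcp dst port <n>]'."""
    t = statement.lower().split()
    i = next(k for k in range(len(t) - 1) if t[k:k + 2] == ["dst", "addr"])
    first, _, last = t[i + 2].partition("-")
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last)) if last else lo
    proto = next((p for p in ("tcp", "udp") if p in t), None)
    port = int(t[t.index("port") + 1]) if "port" in t else None
    return Rule(lo, hi, proto, port, action)

def first_match(rules, dst_ip: str, proto: str, port: int) -> Optional[str]:
    """Top to bottom, first matching rule wins; later rules are never consulted.
    None means no rule matched (the page leaves that case unstated; assumed no action)."""
    ip = int(ipaddress.IPv4Address(dst_ip))
    for r in rules:
        if r.lo <= ip <= r.hi and r.proto in (None, proto) and r.port in (None, port):
            return r.action
    return None

def shadowed(rules) -> list:
    """Lint: indexes of rules that can never fire because an earlier rule already
    matches everything they would match (exactly what the reversed order produces)."""
    return [j for j, r in enumerate(rules) if any(
        e.lo <= r.lo and r.hi <= e.hi and e.proto in (None, r.proto)
        and e.port in (None, r.port) for e in rules[:j])]

ALLOW_WEB = parse_rule("adapter any ip src addr any dst addr 1.2.3.4 tcp dst port 80", "ignore")
DROP_SEGMENT = parse_rule("adapter any ip src addr any dst addr 1.2.3.1-1.2.3.255", "drop")
def compare_orders() -> dict:
    correct, reverse = [ALLOW_WEB, DROP_SEGMENT], [DROP_SEGMENT, ALLOW_WEB]
    return {
        "correct_web": first_match(correct, "1.2.3.4", "tcp", 80),    # "ignore"
        "correct_other": first_match(correct, "1.2.3.7", "tcp", 22),  # "drop"
        "reversed_web": first_match(reverse, "1.2.3.4", "tcp", 80),   # "drop"
        "shadowed_in_reversed": shadowed(reverse),                    # [1]
    }
```

Running `shadowed()` over a rule list before deploying it catches the reversed-order mistake without having to test each destination by hand.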