Specifying IP Addresses for Firewall Rules
You can either limit communication to only devices with specified IP addresses, or block devices with specified IP addresses but permit other communications. You can specify a single IP address or a range of IP addresses.
|
Up to 16 IP addresses (or ranges of IP addresses) can be specified for both IPv4 and IPv6.
The packet filters described in this section control communications over TCP, UDP, and ICMP.
|
1
Start the Remote UI and log on in System Manager Mode.
Starting Remote UI
2
Click [Settings/Registration].
3
Click [Security Settings]
[IP Address Filter].
4
Click [Edit...] for the filter type that you want to use.
[IPv4 Address: Outbound Filter]
Select to restrict sending data from the machine to a computer by specifying IPv4 addresses.
[IPv4 Address: Inbound Filter]
Select to restrict receiving data from the machine to a computer by specifying IPv4 addresses.
[IPv6 Address: Outbound Filter]
Select to restrict sending data from the machine to a computer by specifying IPv6 addresses.
[IPv6 Address: Inbound Filter]
Select to restrict receiving data from the machine to a computer by specifying IPv6 addresses.
5
Specify the settings for packet filtering.
Select the default policy to allow or reject the communication of other devices with the machine, and then specify IP addresses for exceptions.
1
|
Select the [Use Filter] check box and click the [Reject] or [Allow] radio button for the [Default Policy].
[Use Filter] Select the check box to restrict communication. Clear the check box to disable the restriction.
[Default Policy] Select the precondition to allow or reject the communication of other devices with the machine.
[Reject]
|
Select to pass communication packets only when they are sent to or received from devices whose IP addresses are entered in [Exception Addresses]. Communications with other devices are prohibited.
|
[Allow]
|
Select to block communication packets when they are sent to or received from devices whose IP addresses are entered in [Exception Addresses]. Communications with other devices are permitted.
|
|
2
|
Specify address exceptions.
Enter the IP address (or the range of IP addresses) in the [Address to Register] text box and click [Add].
Check for entry errors
If IP addresses are incorrectly entered, you may be unable to access the machine from the Remote UI, in which case you need to set <IPv4 Address Filter> or <IPv6 Address Filter> to <Off>. IPv4 Address Filter IPv6 Address Filter
Entry form for IP addresses
|
Description
|
Example
|
Entering a single address
|
IPv4: Delimit numbers with periods.
|
192.168.0.10
|
IPv6: Delimit alphanumeric characters with colons.
|
fe80::10
|
Specifying a range of addresses
|
Insert a hyphen between the addresses.
|
192.168.0.10-192.168.0.20
|
Specifying a range of addresses with a prefix
|
Enter the address, followed by a slash and a number indicating the prefix length.
|
192.168.0.32/27
fe80::1234/64
|
When [Reject] is selected for an outbound filter Outgoing multicast and broadcast packets cannot be filtered.
Deleting an IP address from exceptions Select an IP address and click [Delete].
|
3
|
Click [OK].
|
6
Restart the machine.
Turn OFF the machine, wait for at least 10 seconds, and turn it back ON.
LINKS