1,775
edits
L7 module: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 95: | Line 95: | ||
:The source and destination IP address of a network packet is used to match the list of IP addresses. | :The source and destination IP address of a network packet is used to match the list of IP addresses. | ||
Example values are: | :Example values are: | ||
:– 1.2.3.4 | :– 1.2.3.4 | ||
meaning exactly the IP 1.2.3.4 | :meaning exactly the IP 1.2.3.4 | ||
:– 1.2.3.0/24 | :– 1.2.3.0/24 | ||
this matches any IP between 1.2.3.0 and 1.2.3.255 | :this matches any IP between 1.2.3.0 and 1.2.3.255 | ||
:It is possible to use IPv4 or IPv6 addresses. | |||
:Up to 16 IP addresses may be used so that at least one item on the list must match. | |||
* Ports: TCP or UDP ports may be used to match traffic. The source and the destination port is used to match the list of ports. Individual ports or port ranges can be used. | * Ports: TCP or UDP ports may be used to match traffic. The source and the destination port is used to match the list of ports. Individual ports or port ranges can be used. | ||
:Example values are: | |||
Example values are: | |||
:– 80 | :– 80 | ||
meaning exactly port 80 | :meaning exactly port 80 | ||
:– 100-200 | :– 100-200 | ||
matches any port between 100 and 200 | :matches any port between 100 and 200 | ||
:Up to 16 ports or port ranges may be defined. | |||
Up to 16 ports or port ranges may be defined. | |||
Either IP addresses or ports may be left empty, but if both are defined, they must match together. So for a specific packet the source or destination IP must match any entry in the list of IP addresses and the source or destination port must match any entry in the list of ports. | Either IP addresses or ports may be left empty, but if both are defined, they must match together. So for a specific packet the source or destination IP must match any entry in the list of IP addresses and the source or destination port must match any entry in the list of ports. | ||