Example Rules




The information on this page shows how to configure rules for Telnet on the firewall.


Scenario: Telnet
Description: Allows remote login across a network
Port Number: 23
Actions Required: Permit Telnet from secure hosts to non-secure hosts
                  Deny Telnet from non-secure hosts to secure hosts


Rules:
permit sh.sh.sh.sh m.m.m.m sf.sf.sf.sf m.m.m.m tcp gt 1023 eq 23 secure local inbound
(permits any secure host to Telnet to the firewall's secure interface)
permit sf.sf.sf.sf m.m.m.m sh.sh.sh.sh m.m.m.m tcp/ack eq 23 gt 1023 secure local outbound
(permits Telnet ACK packets from the firewall's secure interface to any secure host)
permit nf.nf.nf.nf m.m.m.m nh.nh.nh.nh m.m.m.m tcp gt 1023 eq 23 non-secure local outbound
(permits the firewall's non-secure interface to Telnet to any non-secure host)
permit nh.nh.nh.nh m.m.m.m nf.nf.nf.nf m.m.m.m tcp/ack eq 23 gt 1023 non-secure local inbound
(permits Telnet ACK packets from any non-secure host to the firewall's non-secure interface)
deny nh.nh.nh.nh m.m.m.m nf.nf.nf.nf m.m.m.m tcp gt 1023 eq 23 non-secure local inbound
(denies Telnet from any non-secure host to the firewall's non-secure interface)


sh.sh.sh.sh = any secure host IP address
sf.sf.sf.sf = firewall's secure interface IP address
nf.nf.nf.nf = firewall's non-secure interface IP address
nh.nh.nh.nh = any non-secure host IP address
m.m.m.m = address mask
(Note: All IP addresses must be specified in dotted decimal format, e.g. 192.168.42.50)
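
The following Python sketch is an added example, not part of the original page or the firewall product: it fills the five rules above with constructed addresses and checks sample packets against them, showing that an inbound segment from source port 23 matches the tcp/ack rule only when ACK is set. Assumptions: the field order (action, source and mask, destination and mask, protocol, source-port test, destination-port test, interface, routing, direction) is read off the rules above, rules are evaluated in order with the first match deciding, and tcp/ack matches only TCP segments with the ACK flag set.

```python
import ipaddress
import operator

# Constructed values: secure network 10.1.0.0/16, firewall secure interface
# 10.1.0.1, firewall non-secure interface 203.0.113.1, non-secure host = any.
RULES = """\
permit 10.1.0.0 255.255.0.0 10.1.0.1 255.255.255.255 tcp gt 1023 eq 23 secure local inbound
permit 10.1.0.1 255.255.255.255 10.1.0.0 255.255.0.0 tcp/ack eq 23 gt 1023 secure local outbound
permit 203.0.113.1 255.255.255.255 0.0.0.0 0.0.0.0 tcp gt 1023 eq 23 non-secure local outbound
permit 0.0.0.0 0.0.0.0 203.0.113.1 255.255.255.255 tcp/ack eq 23 gt 1023 non-secure local inbound
deny 0.0.0.0 0.0.0.0 203.0.113.1 255.255.255.255 tcp gt 1023 eq 23 non-secure local inbound
"""
KEYS = "action src smask dst dmask proto sop sport dop dport iface routing direction".split()
OPS = {"eq": operator.eq, "gt": operator.gt}  # only the operators used on this page


def parse(text):
    """Split each rule line into named fields (field order is an assumption)."""
    return [dict(zip(KEYS, line.split())) for line in text.splitlines() if line.strip()]


def in_net(ip, base, mask):
    """True if ip and base agree on every bit selected by the address mask."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(ip)) & m) == (int(ipaddress.IPv4Address(base)) & m)


def decide(p, rules=None):
    """Return the action of the first matching rule, or None if none matches."""
    for r in rules or parse(RULES):
        if (r["iface"] == p["iface"] and r["direction"] == p["direction"]
                and in_net(p["src"], r["src"], r["smask"])
                and in_net(p["dst"], r["dst"], r["dmask"])
                and OPS[r["sop"]](p["sport"], int(r["sport"]))
                and OPS[r["dop"]](p["dport"], int(r["dport"]))
                # Assumption: tcp/ack requires the ACK flag; plain tcp does not.
                and (r["proto"] == "tcp" or p["ack"])):
            return r["action"]
    return None


def pkt(src, sport, dst, dport, ack, iface, direction):
    """Build a constructed sample TCP segment for decide()."""
    return dict(src=src, sport=sport, dst=dst, dport=dport,
                ack=ack, iface=iface, direction=direction)
```

A None result means no rule on this page covers the packet; what the firewall does with such a packet is outside what this example models.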