Firewall rule on CM configuration file docsDevFilterIp | docsis.org

sharon
Hi,
I am trying to permit traffic to 2 IP addresses and deny all the rest,
but after I put in docsDevFilterIp (.7) it's not working.

thanks
Sharon

SnmpMibObject docsDevFilterIpStatus.2 Integer 4; /* createAndGo */
SnmpMibObject docsDevFilterIpControl.2 Integer 2; /* accept */
SnmpMibObject docsDevFilterIpIfIndex.2 Integer 1 ;
SnmpMibObject docsDevFilterIpDirection.2 Integer 3; /* both */
SnmpMibObject docsDevFilterIpDaddr.2 IPAddress 23.44.251.16 ;
SnmpMibObject docsDevFilterIpDmask.2 IPAddress 255.255.255.255 ;

SnmpMibObject docsDevFilterIpStatus.5 Integer 4; /* createAndGo */
SnmpMibObject docsDevFilterIpControl.5 Integer 2; /* accept */
SnmpMibObject docsDevFilterIpIfIndex.5 Integer 1 ;
SnmpMibObject docsDevFilterIpDirection.5 Integer 3; /* both */
SnmpMibObject docsDevFilterIpDaddr.5 IPAddress 8.8.8.8 ;
SnmpMibObject docsDevFilterIpDmask.5 IPAddress 255.255.255.255 ;

SnmpMibObject docsDevFilterIpStatus.7 Integer 4; /* createAndGo */
SnmpMibObject docsDevFilterIpControl.7 Integer 1; /* discard */
SnmpMibObject docsDevFilterIpIfIndex.7 Integer 1 ;
SnmpMibObject docsDevFilterIpDirection.7 Integer 3; /* both */
SnmpMibObject docsDevFilterIpDaddr.7 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevFilterIpDmask.7 IPAddress 0.0.0.0 ;

mbowe
1/ Rather than adding rule 7, you can control the default action (traffic that didn't match any of your rules) like this:

SnmpMibObject docsDevFilterIpDefault.0 Integer 1; /* discard */

2/ Your rules 2 and 5 are filtering in "both" directions; however, you are matching on daddr / dmask. So that will work for e.g. outbound to 8.8.8.8, but not inbound from 8.8.8.8.
If you are trying to restrict access to only allow these 23.44.251.16 and 8.8.8.8 IPs, you probably need 4 x rules not 2, to match both the inbound and outbound traffic.

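A simplified model of the matching discussed in this thread, as an added example that is not part of either post and not device or vendor code: it evaluates the posted rules and a four-rule set against the same packets. It assumes first match in index order on source and destination address only (ifIndex, direction, protocol and ports are ignored); the subscriber address 10.0.0.5 and the rule indexes 1 to 4 are constructed.

```python
import ipaddress
from typing import NamedTuple

DISCARD, ACCEPT = 1, 2  # control/default values as used in the thread


class Rule(NamedTuple):
    index: int
    control: int
    saddr: str = "0.0.0.0"   # 0.0.0.0 with mask 0.0.0.0 matches any address
    smask: str = "0.0.0.0"
    daddr: str = "0.0.0.0"
    dmask: str = "0.0.0.0"


def masked_eq(addr, want, mask):
    a, w, m = (int(ipaddress.IPv4Address(x)) for x in (addr, want, mask))
    return (a & m) == (w & m)


def decide(rules, default, src, dst):
    """First rule (lowest index) matching both source and destination wins."""
    for r in sorted(rules, key=lambda r: r.index):
        if masked_eq(src, r.saddr, r.smask) and masked_eq(dst, r.daddr, r.dmask):
            return r.control
    return default  # stands in for docsDevFilterIpDefault


ALLOWED = ("23.44.251.16", "8.8.8.8")  # the two addresses from the thread
CPE = "10.0.0.5"                       # constructed subscriber address

# Rules as posted: destination match only, plus the catch-all discard at .7
POSTED = [Rule(2, ACCEPT, daddr=ALLOWED[0], dmask="255.255.255.255"),
          Rule(5, ACCEPT, daddr=ALLOWED[1], dmask="255.255.255.255"),
          Rule(7, DISCARD)]


def four_rules(allowed):
    """One daddr rule and one saddr rule per allowed host (hypothetical indexes)."""
    rules = []
    for i, ip in enumerate(allowed):
        rules.append(Rule(2 * i + 1, ACCEPT, daddr=ip, dmask="255.255.255.255"))
        rules.append(Rule(2 * i + 2, ACCEPT, saddr=ip, smask="255.255.255.255"))
    return rules


if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("four rules", four_rules(ALLOWED))):
        for src, dst in ((CPE, "8.8.8.8"), ("8.8.8.8", CPE), (CPE, "1.1.1.1")):
            verdict = "accept" if decide(rules, DISCARD, src, dst) == ACCEPT else "discard"
            print(f"{name:10} {src:>12} -> {dst:<12} {verdict}")
```

With the posted rules the reply packet from 8.8.8.8 falls through to rule 7 and is discarded; with the four-rule set and a default of discard, both directions to the two hosts are accepted and everything else is dropped.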