Example Rules

The information on this page shows how to configure rules for Telnet on the firewall.

Scenario:	Telnet
Description:	Allows remote login across a network
Port Number:	23
Actions Required:	Permit Telnet from secure hosts to non-secure hosts
	Deny Telnet from non-secure hosts to secure hosts

Rules:	permit sh.sh.sh.sh. m.m.m.m sf.sf.sf.sf. m.m.m.m tcp gt 1023 eq 23 secure local inbound
	(permits any secure host to Telnet the firewall's secure interface)
	permit sf.sf.sf.sf m.m.m.m sh.sh.sh.sh. m.m.m.m tcp/ack eq 23 gt 1023 secure local outbound
	(permits the firewall's secure interface to Telnet ACK any secure host)
	permit nf.nf.nf.nf m.m.m.m nh.nh.nh.nh m.m.m.m tcp gt 1023 eq 23 non-secure local outbound
	(permits the firewall's non-secure interface to Telnet any non-secure host)
	permit nh.nh.nh.nh m.m.m.m nf.nf.nf.nf m.m.m.m tcp/ack eq 23 gt 1023 non-secure local inbound
	(permits any non-secure host to Telnet ACK the firewall's non-secure interface)
	deny nh.nh.nh.nh m.m.m.m nf.nf.nf.nf m.m.m.m tcp gt 1023 eq 23 non-secure local inbound
	(denies Telnet from any non-secure host to the firewall's non-secure interface)

sh.sh.sh.sh = any secure host IP address
sf.sf.sf.sf = firewall's secure interface IP address
nf.nf.nf.nf = firewall's non-secure interface IP address
nh.nh.nh.nh = any non-secure host IP address
m.m.m.m = address mask
(Note: All IP addresses must be specified in dotted decimal format, e.g. 192.168.42.50)