IP Filtering

disable:   if checked, not execute filter.
policy:    choose deny,reject,accept or none. if logging only, select none.
           -- deny:   neglect packet
           -- reject: reply icmp destinaton port unreachable packet
device:    choose filtering network interface.(output interface if forward.)
loggin:    if checked,logging to kernel log.
direction: filtering traffic direction to interface
protocol:  if you'll define ports ,you must choose tcp or udp.
           if you select syn,it specify syn packet of tcp.
src addr:  source address of packets.you can define network.
           you define one address type, never include space.
           you must input any address.
           example ) 192.168.0.1 , 192.168.0.2/32 , 192.168.0.2/24
                     10.0.0.0/255.0.0.0 , 0/0 (all address)
src port:  source port number is delimit by comma
           Caution: never include space.
           example ) 20,21,25,80,8000:10000 (':' express range)"
           example ) !20 ( "!" is except. don't use multi port. range is ok.)
dest addr: destnation address of packets. see 'src addr'.
dest port: destnation port of packets. see 'src port'.

Default Policy:

Packet Filter:

No	Order	Enable	Policy
1		disable	none accept deny reject	device:	all in out dmz
	logging	direction:		protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
2		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
3		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
4		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
5		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
6		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
7		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
8		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
9		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
10		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
11		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
12		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
13		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port:
14		disable	none accept deny reject	device:	all in out dmz
	logging	direction:	input output forward	protocol:	all tcp udp icmp syn
		src addr:		src port:
		dest addr:		dest port: