3Com 3CBLSG24 User Guide - Page 68

68 CHAPTER 4: MANAGING DEVICE SECURITY ■ Destination Port - Indicates the destination port that is used for matched packets. Enabled only when TCP or UDP are selected in the Protocol list. The field value is either user defined or Any. If Any is selected, the IP based ACL is applied to any destination port. ■ TCP Flags - If checked, enables configuration of TCP flags matched to the packet. The possible fields are: ■ Urg - Urgent pointer field significant. The urgent pointer points to the sequence number of the octet following the urgent data. ■ Ack - Acknowledgement field significant. The acknowledgement field is the byte number of the next byte that the sender expects to receive from the receiver. ■ Psh - Push (send) the data as soon as possible, without buffering. This is used for interactive traffic. ■ Rst - Reset the connection. This invalidates the sequence numbers and aborts the session between the sender and receiver. ■ Syn - Synchronize Initial Sequence Numbers (ISNs). This is used to initialize a new connection. ■ Fin - Finish. This indicates there is no more data from the sender. This marks a normal closing of the session between the sender and receiver. For each TCP flag, the possible field values are: ■ Set - Enables the TCP flag. ■ Unset - Disables the TCP flag. ■ Don't Care - Does not check the packet's TCP flag. ■ ICMP - If checked, enables filtering ICMP packets for an ICMP message type. The possible values are: ■ Select from List - Selects an ICMP message type from a list. ■ ICMP Type - Specifies an ICMP message type. ■ Any - Does not filter for an ICMP message type. ■ ICMP Code - If checked, enables specifying an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. ■ IGMP - If checked, enables filtering IGMP packets for an IGMP message type. The possible values are: ■ Select from List - Selects an IGMP message type from a list.