Services
A service is basically a definition of a specific IP protocol with corresponding parameters.
The service http, for instance, is defined as using the TCP protocol with destination port 80.
Services are simplistic, in that they cannot carry out any action in the firewall on their own.
Thus, a service definition does not include any information whether the service should be
allowed through the firewall or not. That decision is made entirely by the firewall policies, in
which the service is used as a filter parameter.
Adding TCP, UDP or TCP/UDP Service
For many services, a single destination port is sufficient. The http service, for instance,
uses destination port 80. To use a single destination port, enter the port number in the
destination ports text box. In most cases, all ports (0-65535) have to be used as source ports.
The second option is to define a port range; a port range is inclusive, meaning that a range
137-139 covers ports 137, 138, and 139.
Multiple ranges or individual ports may also be entered, separated by commas. For
instance, a service can be defined as having source ports 1024-65535 and destination ports
80-82, 90-92, and 95. In this case, a TCP or UDP packet with the destination port being one
of 80, 81, 82, 90, 91, 92 or 95, and the source port being in the range 1024-65535, will match
this service.
Follow these steps to add a TCP, UDP, or TCP/UDP service.
Step 1.
Go to Firewall and Service and choose add new.
Step 2.
Enter a Name for the service in the name field. This name will appear in the
service list when you add a new policy. The name can contain numbers (0-9) and upper
and lower case letters (A-Z, a-z), and the special characters - and _. No other special
characters and spaces are allowed.
Step 3.
Select TCP/UDP Service.
Step 4.
Select the protocol (TCP, UDP, or both TCP/UDP) used by the service.
Step 5.
Specify a source port or range for this service by typing in the low and high port
numbers. Enter 0-65535 for all ports, or a single port like 80 for only one source port.
Step 6.
Specify a destination port or range for this service by typing in the low and high
port numbers. Enter 0-65535 for all ports, or a single port like 80 for only one destination
port.
Step 7.
Enable the SYN Relay checkbox if you want to protect the destination from SYN
flood attacks.
Click the
Apply
button below to apply the changes or click
Cancel
to discard changes.
Summary of Contents for DFL-700 - Security Appliance
Page 1: ...D Link DFL 700 Network Security Firewall Manual Building Networks for People 04 18 2005 TM ...
Page 102: ...102 5 Select Connect to the network at my workplace and click Next ...
Page 103: ...6 Select Virtual Private Network connection and click Next ...
Page 104: ...104 7 Name the connection MainOffice and click Next ...
Page 105: ...8 Select Do not dial the initial connection and click Next ...
Page 106: ...106 9 Type the IP address to the server 194 0 2 20 and click Next 10 Click Finish ...