Novell Documentation: Novell BorderManager 3.7 - Configuring the Service Type

Configuring the Service Type

Figure 9
Service Type Configuration

This page gives you a summary of defined TCP/IP service types.

You can add new service types, or delete or modify only User service types.

Figure 10
Service Type Configuration - TCP/IP

This page helps you to configure the TCP/IP service types.

Name---Name of the TCP/IP service type.

Protocol---Either select from a list of commonly used internet protocols or specify a valid protocol ID between 0 - 255.

Source and Destination Port---Define a single TCP/IP port or range of ports separated by a hyphen for the TCP or UDP protocols. Valid port number range from 1 to 65535. If not defined, the default value for this field is All.

ACK Bit Filtering---this field is enabled only if the protocol selected is TCP. If the TCP ACK Bit filtering is enabled in a filter route, only the packets with the ACK Bit set are allowed through. This will effectively block all the connections being initiated, in the direction defined by the filter rule. TCP ACK Bit filtering is often applied to all inbound TCP packets in a network.

Stateful Filtering---If stateful filtering is enabled in a filter rule, a dynamic filter will also be created in the reverse of the direction that is defined by the filter rule. The reverse filter is created with the information such as source IP address, source interface, source port, destination IP address, destination interface, and destination port. This information is stored in a table which will later be used to compare against the reply. If it is not a reply to the original request packet, stateful filtering will not allow the packet through. Stateful filtering supports both connection and connectionless protocols. For ICMP packets, only the reply ICMP messages are allowed. ICMP redirect messages will not be allowed. Stateful filtering is slower than the current static filtering but it is more secure. It does not open up all the ports as static filters do; instead, dynamic filters are created with more specific information on the IP address, source, and destination ports.

Comment---Enter a short comment in this field to save in the database along with the other entries in the form.

Click OK.