IP access control rules (firewall rules) determine whether to accept or discard traffic to/from the Dominion KX IV–101, based on the IP address of the host sending or receiving the traffic. When creating rules, keep these principles in mind:
Rule order is important.
When traffic reaches or is sent from the Dominion KX IV–101, the rules are executed in numerical order. Only the first rule that matches the IP address determines whether the traffic is accepted or discarded. Any subsequent rules matching the IP address are ignored.
Prefix length is required.
When typing the IP address, you must specify it in the CIDR notation. That is, BOTH the address and the prefix length are included. For example, to specify a single address with the 24-bit prefix length, use this format:
x.x.x.x/24
/24 = the prefix length.
To create IPv4 or IPv6 IP access control rules:
Choose Security > IP Access Control.
Select the Enable IP Access Control for IPv4 or scroll down to select the checkbox for IPv6.
Select the Default Policy:
Accept: Accepts traffic from all addresses.
Drop: Discards traffic from all addresses, without sending any failure notification to the source host.
Reject: Discards traffic from all addresses, and an ICMP message is sent to the source host for failure notification.
Go to the Inbound Rules section or the Outbound Rules section according to your needs.
Inbound rules control the data sent to the Dominion KX IV–101.
Outbound rules control the data sent from the Dominion KX IV–101.
Create rules and put them in priority order.
Enter IP address and mask and select the Policy.
Click Append to add another rule. To add a rule above another, select a rule and click Insert Above.
To rearrange rules in order, click the arrow buttons on each rule. The selected rule displays in blue.
To delete a rule, click the trashcan icon.
Click Save. Note that IPv4 and IPv6 rules are saved separately.
