Activating packet rules

 

Activating the packet rules that you create is the final step in configuring packet rules.

You must activate, or load, the rules that you created for them to take effect. Before you activate your rules, however, you should verify that they are correct, and always try to resolve any problems first. If you activate rules that have errors or that are ordered incorrectly, your system will be at risk. Your system has a verify function that is automatically invoked any time you activate your rules. Because this automatic feature checks only for major syntactical errors, you should not rely solely on it. Always check your rules files for errors manually as well.

When filter rules are not applied to an interface (for example, you are only using NAT rules, not filtering rules), a warning (TCP5AFC) appears. This is not an error. It only verifies whether using one interface is your intention. Always look at the last message. If it says the activation is successful, the messages above it are all warnings.

When you activate new rules on all interfaces, they replace all the previous rules on all physical interfaces. Even if a physical interface is not mentioned in the new rules, its previous rules are replaced. However, if you choose to activate new rules on a specific interface, the new rules replace only the rules on that interface. Existing rules on other interfaces are left untouched.

After your packet rules have been configured and activated, you might need to periodically manage them to ensure the security of your system.

 
