CHAPTER 4: CONSOLE FEATURES

IP ACL

Important: Please make absolutely certain that all IP addresses have been entered correctly before enabling IP ACL. If not, you may be locked out of the unit and be unable to access the unit in the future; the only way to restore access to the unit is to perform a factory reset, removing all user-defined values that you have programmed, forcing you to completely reconfigure the unit.

Overview

There are two ways for a Dominion SX Administrator to manage IP Access Control Lists (IP ACLs):
• Via the Graphical User Interface (GUI) for configuring and managing IP ACLs
• Via the Command Line Interface (CLI) using SSH/Telnet. Please note that when using the CLI, we highly recommend using SSH, not Telnet, to securely configure the IP ACL.

Because Dominion SX leverages the IPTables firewall functionality to provide IP ACL capability, familiarity with IPTables is strongly recommended, and knowledge of the concepts of Access Control Lists (ACL) is a prerequisite for configuring and administering the Dominion SX IP ACL feature. Explaining IPTables is beyond the scope of this document. Please refer to IPTables documentation for more specific details on creation and management of the IP ACL rule lists. We also suggest the following link:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Rule Creation and Execution

Note: We recommend that you turn IP ACL logging OFF when creating an Allow rule. If not, every accepted packet that matches the rule will be logged, causing the log file to increase in size very quickly.

To create access rules, click on the IP ACL tab on the Dominion SX screen. Click Insert to insert a new rule in the rules table on this screen.

After configuring all IP ACL parameters, you can create rules. Rules in the table begin with the number (No.) zero (0), and continue in numerical order. When attempting to make a connection, Dominion SX will start at the beginning of the rules table list and continue through the list in order until an applicable rule is matched with the command executed.
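
The top-down, first-match evaluation described above, combined with the lockout warning, as an added example that is not from the manual: it checks a planned rule table against the administrators' own addresses before IP ACL is enabled. The rule tuples, the ACCEPT/DROP policy names (standard iptables targets) and all addresses are constructed for illustration; the behaviour when no rule matches is not stated on this page, so that case is reported as None.

```python
import ipaddress

# Constructed sample rule table (not from the manual): (source network, policy).
# The list index is the rule number, starting at 0 as in the rules table.
RULES = [
    ("192.0.2.0/24", "ACCEPT"),     # rule 0: management subnet
    ("198.51.100.7/32", "DROP"),    # rule 1: one blocked host
    ("0.0.0.0/0", "DROP"),          # rule 2: everything else
]

def parse_rules(rules):
    """Validate every entry up front; a mistyped address or mask raises ValueError."""
    return [(ipaddress.ip_network(net, strict=True), policy) for net, policy in rules]

def first_match(rules, source_ip):
    """Return (rule_number, policy) of the first rule matching source_ip, else None."""
    addr = ipaddress.ip_address(source_ip)
    for number, (net, policy) in enumerate(parse_rules(rules)):
        if addr in net:
            return number, policy
    return None  # no rule applies; the unit's default is not assumed here

def lockout_risks(rules, admin_ips):
    """List admin addresses that the table would not explicitly ACCEPT."""
    risky = []
    for ip in admin_ips:
        hit = first_match(rules, ip)
        if hit is None or hit[1] != "ACCEPT":
            risky.append((ip, hit))
    return risky

if __name__ == "__main__":
    admins = ["192.0.2.10", "203.0.113.5"]  # constructed admin workstations
    for ip, hit in lockout_risks(RULES, admins):
        print(f"{ip}: would not be accepted (first match: {hit})")
```

Because evaluation stops at the first match, moving the catch-all DROP above rule 0 would flag every administrator address, which is the misordering to catch before the ACL is switched on.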