System Defense Rules

Within MeshCommander's System Defense panel, you can add network filters and policies to Intel® AMT that match certain types of network traffic. You can use Intel® AMT System Defense to count, drop or rate limit network traffic that matches certain rules. On this page, we look at how to create advanced filters that use the "Matching Rules" box in the "Add System Defense Filter" dialog box.

The "Matching Rules" field is a comma-separated list of names and values. The names must have exact capitalization and no extra spaces may be added. The values are officially described in the Intel AMT SDK starting here. For any filter of type IPv4 or IPv6, you can use the values described here.

The first matching rule is the ProtocolID, usually TCP (6) or UDP (17). For example, if you want to match on TCP traffic, you put "ProtocolID=6" in the matching rules. You must specify a protocol id of TCP or UDP before you can use any of the other filters below.

Use DestAddress and DestMask to filter on the destination of the packet. Both of these must be used at the same time. For example, you can set the matching rules to "ProtocolID=6,DestAddress=192.168.1.0,DestMask=255.255.255.0". This will filter all packets that go to 192.168.1.*.

In addition, you can filter based on source address with SrcAddress and SrcMask. Both must be used at the same time. For example, you can have "ProtocolID=6,SrcAddress=192.168.1.0,SrcMask=255.255.0.0" to match all packets with a source address of 192.168.*.

For port filtering, you can use SrcPortStart, SrcPortEnd, DestPortStart, DestPortEnd, but there are limitations on how they can be used. Ports can only be defined using one of the following options:

  • A source port and destination port with equal values in the start and end properties
  • A range of source ports
  • A range of destination ports

So you can't have a range of source ports and a range of destination ports at the same time. For example, we can enter: "ProtocolID=6,DestPortStart=80,DestPortEnd=88" to match traffic with a destination port at or between 80 and 88.

Lastly, if you use IPv6 you can use TCPFlagsOn and TCPFlagsOff to match on IPv6 flags. You can find the details on this here.
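
The constraints above can be checked before a rule string is pasted into the dialog. The following is an added example, not code from MeshCommander or the Intel AMT SDK; the function name is hypothetical, it assumes port Start and End values are always supplied as a pair, and it does not check the format of address, mask or flag values.

```javascript
// Added example (not MeshCommander code): checks a "Matching Rules" string
// against the constraints described on this page. Names are hypothetical.
const KNOWN = ['ProtocolID', 'DestAddress', 'DestMask', 'SrcAddress', 'SrcMask',
  'SrcPortStart', 'SrcPortEnd', 'DestPortStart', 'DestPortEnd',
  'TCPFlagsOn', 'TCPFlagsOff'];

function validateMatchingRules(text) {
  const errors = [];
  const rules = {};
  if (/\s/.test(text)) errors.push('no extra spaces are allowed');
  for (const pair of text.split(',')) {
    const eq = pair.indexOf('=');
    const name = eq < 0 ? pair : pair.slice(0, eq);
    // Names are case-sensitive, so "destaddress" is rejected here.
    if (!KNOWN.includes(name)) { errors.push('unknown name: ' + name); continue; }
    rules[name] = eq < 0 ? '' : pair.slice(eq + 1);
    if (rules[name] === '') errors.push('missing value for ' + name);
  }
  const has = (n) => n in rules;
  // Every other rule needs ProtocolID set to TCP (6) or UDP (17).
  const others = Object.keys(rules).filter((n) => n !== 'ProtocolID');
  if (others.length > 0 && !['6', '17'].includes(rules.ProtocolID)) {
    errors.push('ProtocolID=6 or ProtocolID=17 is required for ' + others[0]);
  }
  // An address and its mask must be used together.
  for (const side of ['Dest', 'Src']) {
    if (has(side + 'Address') !== has(side + 'Mask')) {
      errors.push(side + 'Address and ' + side + 'Mask must be used together');
    }
  }
  // Ports: one source range, or one destination range, or both sides with
  // Start equal to End. Assumption: Start and End are always given as a pair.
  const port = (n) => (/^\d+$/.test(rules[n]) && +rules[n] <= 65535 ? +rules[n] : NaN);
  const sides = ['Src', 'Dest'].filter((s) => has(s + 'PortStart') || has(s + 'PortEnd'));
  for (const s of sides) {
    const start = port(s + 'PortStart');
    const end = port(s + 'PortEnd');
    if (!(start <= end)) {                       // also true when either is NaN
      errors.push(s + 'PortStart/' + s + 'PortEnd must be a valid pair, Start <= End');
    } else if (sides.length === 2 && start !== end) {
      errors.push(s + 'PortStart must equal ' + s + 'PortEnd when both sides have ports');
    }
  }
  return errors;
}

// Constructed sample input: a source range plus a destination range (not allowed).
console.log(validateMatchingRules(
  'ProtocolID=6,SrcPortStart=1024,SrcPortEnd=2048,DestPortStart=80,DestPortEnd=88'));
```

An empty array means the string satisfies every constraint stated on this page; AMT itself may still reject values this check does not look at.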