Hi Rafeeq.
I don't understand.
The default installation of the product creates a rule (one of the 15 or so created during install) called All all other IP traffic. This rule is as follows:
App=any
host=any
time=any
service=IP
adapter=all
screen=any
action=allow
logging=none
If you double click on the IP in the service box area, it opens up the service list. In the service list, the top service is enabled, service name is blank and content=IP. If you edit this, you will see that protocol is IP, type is blank and direction is both. Apply to fragmented packets only is unchecked.
This makes sense to me also. Otherwise, you would have to create hundreds of rules to allow (or deny as I want to do) all traffic. So, it makes sense in this case that this is how Symantec deals with creating a rule that addresses all traffic types.
To summarize, I want to create a set of rules for a location that denies all traffic incoming except for EAPOL wireless and DHCP. This location would kick in when the client was not able to see the mgmt server. I should only have to create three rules in this case, I would think:
In order:
1) Allow EAPOL.
2) Allow DHCP
3) Block all incoming IP, all hosts, all adapters, any app
Comments appreciated.
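
A small first-match model of the three-rule ordering listed in the post, added here as an illustration; it is not the poster's code and not Symantec's rule engine. It assumes rules are evaluated top-down with the first match deciding, and the packet fields, function names and sample packets are all constructed.

```python
from dataclasses import dataclass
from typing import Optional

ETH_IPV4, ETH_EAPOL = 0x0800, 0x888E    # EtherType values
UDP, TCP = 17, 6                        # IP protocol numbers

@dataclass(frozen=True)
class Packet:                           # hypothetical packet summary
    direction: str                      # "in" or "out"
    ethertype: int
    ip_proto: Optional[int] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

def is_eapol(p):
    # EAPOL is carried directly in Ethernet frames, not inside IP
    return p.ethertype == ETH_EAPOL

def is_dhcp(p):
    # DHCPv4: UDP between port 67 (server) and port 68 (client)
    return (p.ethertype == ETH_IPV4 and p.ip_proto == UDP
            and {p.sport, p.dport} == {67, 68})

def is_inbound_ip(p):
    return p.ethertype == ETH_IPV4 and p.direction == "in"

# Rules in the order given in the post: (name, predicate, action)
RULES = [
    ("Allow EAPOL", is_eapol, "allow"),
    ("Allow DHCP", is_dhcp, "allow"),
    ("Block all incoming IP", is_inbound_ip, "block"),
]

def evaluate(packet, rules=RULES):
    """Assumed semantics: the first matching rule decides; else 'no-match'."""
    for name, match, action in rules:
        if match(packet):
            return name, action
    return None, "no-match"

SAMPLES = {                             # constructed sample packets
    "eapol_in": Packet("in", ETH_EAPOL),
    "dhcp_offer_in": Packet("in", ETH_IPV4, UDP, 67, 68),
    "smb_in": Packet("in", ETH_IPV4, TCP, 50000, 445),
    "dns_out": Packet("out", ETH_IPV4, UDP, 50001, 53),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, evaluate(pkt))
    # With the block rule moved to the top, it shadows the DHCP allow rule
    print(evaluate(SAMPLES["dhcp_offer_in"], [RULES[2], RULES[0], RULES[1]]))
```

In this model the outbound sample matches none of the three rules, so its handling depends on whatever default applies outside the list.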