Filtering example #1 – Netopia Router PN Series User Manual
Page 155
Security
7-13
Src. Port: The source port to match. This is the port on the sending
host that originated the packet.
D. Port: The destination port to match. This is the port on the
receiving host for which the packet is intended.
On?: Displays Yes when the filter is in effect or No when it is not.
Fwd: Shows whether the filter forwards (Yes) a packet or discards
(No) it when there’s a match.
Filtering example #1
Returning to our filtering rule example from above (see
),
look at how a rule is translated into a filter. Start with the rule, then
fill in the filter’s attributes:
1.
The rule you want to implement as a filter is:
Block all Telnet attempts that originate from the remote host
199.211.211.17.
2.
The host 199.211.211.17 is the source of the Telnet packets
you want to block, while the destination address is any IP
address. How these IP addresses are masked determines what
the final match will be, although the mask is not displayed in
the table that displays the filter sets (you set it when you create
the filter). In fact, since the mask for the destination IP address
is 0.0.0.0, the address for Dest IP Addr could have been
anything. The mask for Source IP Addr must be
255.255.255.255 since an exact match is desired.
■
Source IP Addr = 199.211.211.17
■
Source IP address mask = 255.255.255.255
■
Dest IP Addr = 0.0.0.0
■
Destination IP address mask = 0.0.0.0
Note: To learn about IP addresses and masks, see