Example ip filters – Netopia D3232 IDSL User Manual

Security 8-75

E

E

E

Exxxxaa

a

am

m

m

mp

p

p

pllllee

e

e IIIIP

P

P

P ffffiiiillllttttee

e

errrrssss

E

E

E

Exxxxaa

a

am

m

m

mp

p

p

pllllee

e

e 1111

Write a filter rule that blocks the class C subnet represented by 200.1.1.0/25 from accessing the net.

Incoming packet has the source address of 200.1.1.28

To determine if the packet will match on the filter, per form a Boolean AND on the source IP address and the
filter’s source IP mask:

This incoming IP packet has a source IP address that matches the network address in the Source IP Address
field (whose last byte is binar y 00000000) in the Netopia D-Series. This will not for ward this packet.

E

E

E

Exxxxaa

a

am

m

m

mp

p

p

pllllee

e

e 2

2

2

2

Incoming packet has the source address of 200.1.1.184.

Filter Rule:

200.1.1.0

(Source IP Network Address)

255.255.255.128

(Source IP Mask)

For ward = No

(What happens on match)

IP Address

Binar y Representation of
the last byte of the IP
address

200.1.1.28

00011100

(Source address in incoming IP packet)

AND

255.255.255.128

10000000

(Per form the logical AND)

00000000

(Logical AND result)

Filter Rule:

200.1.1.0

(Source IP Network Address)

255.255.255.128

(Source IP Mask)

For ward = No

(What happens on match)

IP Address

Binar y Representation

200.1.1.184

10111000

(Source address in incoming IP packet)

AND