Avocent Access Router Cyclades-PR2000 User Manual

104

Chapter 12 - Filters and Rules

Cyclades-PR2000

The configuration for “Stop forged packets” is shown in the following listing:

Rules Lists
Rule List Name

Rule

Default

List

Linked

Status

Scope

Type

Rule
List

slot1_in

Enabled

Permit

Filter

Filter_list Name slot1_in
Rule 0
Status

Enabled

Scope

Deny

Protocol

0

Source IP Operator

Equal

Source IP start

10.0.0.0

Source IP Mask

255.0.0.0

Destination IP Operator

None

Source Port Operator

None

Destination Port Operator

None

TCP connections allowed

Y

Account Process allowed

N

FIGURE 12.6 OUTPUT FOR INTERIOR ROUTER EXAMPLE

Slot1_in, rule 0

, prohibits any incoming packets with source IP addresses of the internal network. Since

the addresses used for internal networks cannot be routed on the Internet, they cannot be valid unless there is
a leak of traffic through another router to the perimeter network.

Imagine that, as shown in the figure, the network is expanded and another range of IP addresses is used (not a
sub-network).

Rule 0

in the list

Slot1_in

will not protect this network. Either another rule can be added to

this list, or the new router can filter packets into its area (or both).