Basic ip route filter rules and syntax – Compatible Systems 5.4 User Manual

Chapter 11 - TCP/IP Filtering
Rule sets that have been created with the TCP/IP Route Filter Editor Window
must be applied using the pull-down menus in the Main TCP/IP Filtering
Dialog Box.
Basic IP Route Filter Rules and Syntax
At a minimum, every non-comment line in a filter set must include an action
and an IP address. Together these components specify a filter rule that the
device will follow when sending and/or receiving IP routing packets.
Every line in a route filter set must begin with the action permit or deny, or
with the comment indicator #.
• Lines which begin with permit specify that information from routing
  packets meeting the conditions should be included in the IP routing table.
• Lines which begin with deny specify that information from packets
  meeting the conditions should not be included in the IP routing table.
• Lines which begin with # specify that the text on the line is a comment
  and should be ignored.
Every line which begins with permit or deny must be followed by an IP
address. This IP address can be specified in a number of different ways.
• Addresses can be specified in dotted-decimal notation. If the rightmost
  components are 0, they are treated as wildcards. For example,
  128.138.12.0 matches all hosts on the 128.138.12 subnet. An address
  with all zeros matches anything.
• A factorized format can also be used where a set of components are
  substituted into an address. These addresses take the form of
  #.#.#.{#,#,...}. For example, 192.12.9.{1,2,15} matches the hosts
  192.12.9.1, 192.12.9.2, and 192.12.9.15. The factor set must be at the end
  of the address, but addresses of the form #.{#,#,...}, #.#.{#,#,...}, etc., are
  allowed. Any components past the factor set’s position are implicitly
  assumed to be 0.
• IP addresses may also be specified as a hexadecimal number (for
  example, 0x82cc0801 matches the host address 130.204.8.1).
Any address may have an optional /bits field at its end. This denotes the
number of bits, starting with the most significant, that will be considered by
the device when it compares the address in a routing packet to the filter rule.
For example, an address specified in the rules as 192.15.32.0/19 would match
all host addresses from 192.15.32.1 to 192.15.63.255.
Any part of an address which is past the number of significant bits specified
is ignored and assumed to be zero.
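
The following Python sketch is an added example, not code from the manual or the device. It expands each address form described above into the networks it covers, which is useful for auditing how broad a permit or deny line really is. The function names, the lenient handling of blank lines, and applying the trailing-zero wildcard rule to every notation when no /bits field is present are assumptions.

```python
import ipaddress
import re

def _implicit_bits(value):
    # Trailing zero octets act as wildcards; all zeros matches anything.
    # Assumption: applied to every notation when no /bits field is given.
    bits = 32
    while bits and (value >> (32 - bits)) & 0xFF == 0:
        bits -= 8
    return bits

def expand(spec):
    """Return the IPv4Network objects covered by one rule address."""
    addr, _, bits = spec.partition("/")
    if addr.lower().startswith("0x"):
        values = [int(addr, 16)]
    else:
        m = re.fullmatch(
            r"((?:\d+\.){1,3})\{([\d,]+)\}|((?:\d+\.){3})(\d+)", addr)
        if not m:
            raise ValueError("unrecognized address: %r" % spec)
        head = [int(p) for p in (m.group(1) or m.group(3)).split(".") if p]
        tails = (m.group(2) or m.group(4)).split(",")
        # Components past the factor set are implicitly 0.
        values = [int.from_bytes(bytes((head + [int(t), 0, 0])[:4]), "big")
                  for t in tails]
    nets = []
    for v in values:
        n = int(bits) if bits else _implicit_bits(v)
        mask = (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF
        # Bits past the significant ones are ignored and taken as zero.
        nets.append(ipaddress.IPv4Network((v & mask, n)))
    return nets

def parse_rule(line):
    """Return (action, networks), or None for a comment or blank line."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    if fields[0] not in ("permit", "deny") or len(fields) < 2:
        raise ValueError("rule needs an action and an address: %r" % line)
    return fields[0], expand(fields[1])

def covers(line, host):
    """True if the rule on this line applies to the given address."""
    rule = parse_rule(line)
    return bool(rule) and any(
        ipaddress.ip_address(host) in net for net in rule[1])
```

Running expand() over every line of a rule set before applying it shows at a glance which lines reduce to 0.0.0.0/0 or to a wider prefix than intended.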