Introduction to Filtering
You may easily prevent stations on one segment from accessing all but a specific resource on the other segment; for this, “negative” filtering and the use of “Forward if Destination” would be appropriate. If you want to disallow all but one specific station from accessing any service on the other segment, the use of “Forward if Source” could be used.
Pattern Filtering
Pattern filtering is provided in three separate sections: Bridge Pattern Filters, IP router Pattern Filters, and IPX router Pattern Filters. When the router is operating as an IP/IPX Bridge/router, each of the frames received from the local LAN is passed on to the appropriate internal section of the router. The IPX frames are passed on to the IPX router, the IP frames are passed on to the IP router, and all other frames are passed on to the bridge. Different pattern filters may be defined in each of these sections to provide very extensive pattern filtering on LAN traffic being sent to remote LANs.
Pattern filters are created by defining an offset value and a pattern match value. The offset value determines the starting position for the pattern checking. An offset of 0 indicates that the pattern checking starts at the beginning of the data frame. An offset of 12 indicates that the pattern checking starts at the 12th octet of the data frame. When a data frame is examined in its HEX format, an octet is a pair of HEX values with offset location 0 starting at the beginning of the frame. Please refer to Appendix C - Octet Locations on Ethernet Frames for more information on octet locations in data frames.
The pattern match value is defined as a HEX string that is used to match against the data frame. If the HEX data at the appropriate offset location in the data frame matches the HEX string of the filter pattern, there is a positive filter match. The data frame will be filtered according to the filter operators being used in the filter pattern.
58