Creating Filters Using Command Line Interface
The remainder of the filter file is partitioned into protocol sections. Each protocol section has a descriptive header and contains the filter rules for that protocol.
Protocol Sections
A single filter file can contain all valid protocol sections in any order, but the sections cannot be repeated. The following conditions will generate errors or prevent normal filter operation:
If you do not specify a protocol section in the filter file, no filtering will occur and packets of that protocol type will be accepted.
If you specify a protocol section but do not define any rules, an error will occur.
The following table describes the valid protocol sections that you can define in the filter file.
To comment out a protocol section, you must place a pound (#) sign before the section header and before all rules defined in the section.
Table
| Protocol Sections | Descriptions |
|---|---|
| IP | IP protocol data filter section |
| | IP RIP advertising filter section |
| IPX | IPX protocol data filter section |
| | IPX RIP advertising filter section |
| | IPX SAP advertising filter section |
| | Bridge protocol data filter |
Protocol Rules
You can define protocol rules within each protocol section in the filter file. Protocol rules determine which packets may and may not access the network. The rule syntax is:
<line #> <verb> <keyword> <operator> <value>
The line # range is
The combination of keyword, operator, and value forms the condition which (when combined with the verb) determines whether a packet is accepted or rejected.
When a packet is filtered, the router parses each rule defined in the protocol section sequentially according to the line number. Filtering is performed based on the first match that occurs. If there is no match, by default the packet is accepted. For this reason, you should order your protocol rules so that the rules you expect to be matched most frequently are at the beginning of the section. This reduces the amount of parsing time that occurs during filtering. The following table describes each field used in the rule syntax:
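The section and rule behaviour described above (unique sections, a section with no rules is an error, rules evaluated in line-number order, first match wins, no section or no match means the packet is accepted) can be modelled in a few lines. The following is an added example written for this page, not the router's own code or parser. It assumes a bracketed section header such as `[IP]`, the verbs `accept` and `reject`, the keywords `src` and `dst`, and the operators `=` and `!=`; all of these are hypothetical placeholders, since the real vocabulary is defined in the field table that follows. The sample filter file is constructed for the example.

```python
import re

# Hypothetical syntax assumed for this example: "[NAME]" section headers and
# rules of the form "<line #> <verb> <keyword> <operator> <value>".
SECTION_RE = re.compile(r"^\[(\w[\w-]*)\]$")
RULE_RE = re.compile(r"^(\d+)\s+(accept|reject)\s+(\w+)\s*(=|!=)\s*(\S+)$")


class FilterError(ValueError):
    """Raised for the conditions the documentation says are errors."""


def parse_filter(text):
    """Return {section: [(line_no, verb, keyword, op, value), ...]}.

    A repeated section or a section that defines no rules raises FilterError,
    matching the conditions listed in the documentation.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments out a header or rule
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1).upper()
            if name in sections:
                raise FilterError(f"protocol section {name} is repeated")
            sections[name] = []
            current = name
            continue
        m = RULE_RE.match(line)
        if not m:
            raise FilterError(f"unparseable rule: {raw!r}")
        if current is None:
            raise FilterError("rule appears outside any protocol section")
        line_no, verb, keyword, op, value = m.groups()
        sections[current].append((int(line_no), verb, keyword, op, value))
    for name, rules in sections.items():
        if not rules:
            raise FilterError(f"protocol section {name} defines no rules")
        rules.sort(key=lambda r: r[0])  # the router parses rules by line number
    return sections


def filter_packet(sections, protocol, packet):
    """Apply first-match semantics; return 'accept' or 'reject'.

    With no section for the protocol, or no matching rule, the packet is
    accepted, exactly as the documentation states (the filter fails open).
    """
    rules = sections.get(protocol.upper())
    if rules is None:
        return "accept"
    for _, verb, keyword, op, value in rules:
        field = str(packet.get(keyword, ""))
        matched = (field == value) if op == "=" else (field != value)
        if matched:
            return verb
    return "accept"


# Constructed sample filter file (not taken from the documentation).
# The IPX section is commented out, so IPX packets are not filtered at all.
SAMPLE_FILTER = """\
[IP]
10 reject src = 10.0.0.99
20 accept dst = 192.168.1.1
30 reject dst != 192.168.1.1
# [IPX]
# 10 reject src = 00000001
"""


if __name__ == "__main__":
    table = parse_filter(SAMPLE_FILTER)
    for pkt in ({"src": "10.0.0.99", "dst": "192.168.1.1"},
                {"src": "10.0.0.5", "dst": "192.168.1.1"},
                {"src": "10.0.0.5", "dst": "192.168.1.2"}):
        print("IP", pkt, "->", filter_packet(table, "ip", pkt))
    print("IPX (section commented out) ->", filter_packet(table, "ipx", {}))
```

The last rule in the sample (`30 reject dst != 192.168.1.1`) is the part worth noticing: because an unmatched packet is accepted by default, a section that stops at its specific rules lets everything else through, so a catch-all rule at the highest line number is how you turn the section into an explicit allow-list.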
Table