IP:
1 ACCEPT
999 DENY;
The following rule example rejects IP packets with the source address 144.133.20.1.
IP:
1 REJECT
The following rule example allows forwarding of only IP packets with source address 192.77.100.32 and destination address 201.128.11.34:
IP:
1 AND
2 ACCEPT
999 DENY;
IP Source and Destination Port Filtering Using CLI
You can also filter against UDP and TCP ports. The following rule example rejects IP packets with a TCP destination port number of 80.
IP:
1 REJECT tcp_dst_port = 80;
IP Protocol Filtering Using CLI
Filtering can be done on protocol as well. The protocols that can be filtered are UDP, TCP and ICMP. The following rule example rejects TCP packets.
IP:
1 REJECT protocol = TCP;
IP RIP Packet Filtering Using CLI
Routing Information Protocol (RIP) packets are used to identify all attached networks as well as the number of router hops required to reach them. The responses are used to update a router's routing table.
If the router is listening for or broadcasting RIP messages, you should allow them to pass in the appropriate direction(s). You define IP RIP filtering rules in the
For example, if you want to filter all routes except the one specified by the IP network address 195.12.254.45, you would create this rule:
1 ACCEPT network = 195.12.254.45;
999 DENY;
This filter only allows the route 195.12.254.45 into the route table. All other routes are rejected.
Spurious RIP messages can disrupt your routing tables. If you are listening for RIP messages on a given interface, you may wish to consider filtering out RIP updates from untrusted networks.
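The following Python model is an added example, not taken from the manual or the router's software. It checks what an ordered rule list like the ones above does to sample routes and packets before the list is deployed. It assumes rules are tried in ascending number order, the first match decides, a rule without a condition matches everything, and unmatched traffic is accepted; only condition keywords shown on this page are used.

```python
import re

# Rule shapes shown on this page, e.g. "1 REJECT tcp_dst_port = 80;" or "999 DENY;"
RULE_RE = re.compile(
    r"^\s*(\d+)\s+(ACCEPT|REJECT|DENY)"
    r"(?:\s+(\w+)\s*=\s*([^;\s]+))?\s*;\s*$"
)

def parse_rules(text):
    """Parse rule lines into (number, action, field, value), ordered by number."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        num, action, field, value = m.groups()
        rules.append((int(num), action, field, value))
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, item, default="ACCEPT"):
    """Return (action, rule_number) for the first rule that matches item.

    Assumed semantics (not stated on the page): ascending order, first
    match wins, exact value comparison, `default` when nothing matches.
    """
    for num, action, field, value in rules:
        if field is None or str(item.get(field, "")).upper() == value.upper():
            return action, num
    return default, None

def shadowed(rules):
    """Rule numbers that can never fire because an earlier rule is unconditional."""
    for i, (_, _, field, _) in enumerate(rules):
        if field is None:
            return [r[0] for r in rules[i + 1:]]
    return []

# Constructed inputs: the RIP route filter and the port filter from the text.
RIP_FILTER = parse_rules("""
1 ACCEPT network = 195.12.254.45;
999 DENY;
""")
PORT_FILTER = parse_rules("1 REJECT tcp_dst_port = 80;")

if __name__ == "__main__":
    for route in ("195.12.254.45", "10.0.0.0"):
        print(route, evaluate(RIP_FILTER, {"network": route}))
    for port in (80, 443):
        print(port, evaluate(PORT_FILTER, {"tcp_dst_port": port}))
```

The `shadowed` check flags rules numbered after a catch-all such as `999 DENY;`, which under the assumed ordering would never be reached.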