Applying Filters Using CLI 6-57

 

Most importantly, the router does not know which interface an outgoing

 

packet came in through. If a potential intruder forges a packet with a false

 

source address (in order to appear as a trusted host or network), there is no

 

way for an output filter to tell if that packet came in through the wrong

 

interface. An input filter, on the other hand, can filter out packets purporting

 

to be from networks that are actually connected to a different interface.

VC/Remote Site Filters

You can configure filters for a specific VC / remote site profile that controls access

 

to the network for that location. This filter is only applied for the duration of the

 

￿remote network connection. As with interface filters, a remote site filter can be

 

configured to apply to input or output data traffic. (Note that you can also assign

 

filters (input and output) to your VPN tunnel).

 

 

Applying Filters Using

You can apply filters to interfaces and/or users using the CLI. If you modify a file,

CLI

you need to re-assign it to make the changes take effect immediately. Otherwise

 

the changes will not take effect until the protocol network (IP, IPX, or bridge) that

 

the filter affects goes down and comes back up. This occurs when a network is

 

disabled, the WAN connection goes down then up, or when the OCR 812 is

 

rebooted.

 

Do not apply a filter to more than one interface or VC / remote site profile. Also,

 

do not apply an input and an output filter to more than one Ethernet interface.

Applying a Filter to an

To configure an input or output filter on an interface, use the following CLI

Interface Using CLI

commands:

 

set interface <interface name> input_filter <filter name>

 

set interface <interface name> output_filter <filter name>

 

Interface name is eth:1 for the Ethernet interface and atm:1 for the ATM

 

interface. For example, to apply an input filter to the ethernet interface: set

 

interface eth:1 input_filter filter.fil

 

When assigning the filter to the Ethernet interface, you must turn off filter access

 

by entering the CLI command set interface eth:1 filter_access off.

 

For more information about the filter access, refer to the Setting Filter Access

 

section below.

 

Do not apply a filter to more than one interface or VC / remote site profile. Also,

 

do not apply an input and an output filter to more than one Ethernet interface.

Configuring a Filter for a VC/Remote Site Using

CLI

Do not apply a filter to more than one interface or VC/remote site profile.

To configure an input or output filter for a specific user, use the following commands:

set vc <vc or remote site name>input_filter <filter_name> set vc <vc or remote site name>output_filter <filter_name>

For example, to apply an output filter to a user: set vc corpoffice input_filter

filter.fil

Page 93
Image 93
3Com OfficeConnect Remote 812 manual Applying Filters Using