ASYNC ROUTER AR-P, AR-5, AND SYNC ROUTER REFERENCE MANUAL

• SAP (sapfilter command)

Packets are checked for filter matches using those three lists in the order: general list, RIP list, SAP list. The Router software can be configured to specify:

• an include list (packets to forward)

• an exclude list (packets not to forward)

The filter list entries can specify:

• IPX source and destination addresses

• IPX packet types

• direction

• Router interface

• RIP and SAP parameters

Use the filter command to configure and modify IPX packet filters. If enabled, all incoming and outgoing IPX packets can be filtered using IPX filters. Filtering must first be enabled for the list entries to take effect.

Filtering restrictions apply to packets destined for the Router and those routed through the Router. The result of passing a packet to the Filtering Module is a decision to allow or deny further processing of the packet. The next hop is not considered.

The filtering is based on a prioritized list of filter expressions. Filter expressions are added to the Router through use of the filter, ripfilter and sapfilter commands. The action specified in the first filter expression found in the filter list that matches the packet in question is applied.

All IPX filtering is disabled by default. Filtering takes effect when the enable command for a filter list (General, RIP or SAP) is entered by the user. Filter list entries stay in place across reboots only if the config save command is entered before restarting.

There is no notion of filter modes. The filter list can be a mix of allowed and denied address/protocol/port/interface/flag/direction specifications.

The default action if no match is found is to allow the packet. You can override this by specifying a filter expression with wildcard address entries as the lowest-priority filter expression.
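The first-match, default-allow evaluation described above, modelled for a single list as an added Python example (not the Router's code or command syntax). The `Entry` fields, the `*` wildcard marker, the sample addresses and the `audit` helper are assumptions made for illustration; `audit` goes one step beyond the text by flagging entries that can never fire because an earlier entry matches everything they match.

```python
from dataclasses import dataclass

WILD = "*"  # assumed wildcard marker, not the Router's syntax
FIELDS = ("src", "dst", "ptype", "direction", "iface")

@dataclass(frozen=True)
class Entry:
    name: str              # 1 to 6 character filter name
    action: str            # "allow" or "deny"
    src: str = WILD        # IPX source address
    dst: str = WILD        # IPX destination address
    ptype: str = WILD      # IPX packet type
    direction: str = WILD  # "in" or "out" (assumed values)
    iface: str = WILD      # eth0, modem0-4, sync0

def matches(entry, pkt):
    return all(getattr(entry, f) in (WILD, pkt[f]) for f in FIELDS)

def decide(entries, pkt, enabled=True):
    """Return (action, deciding entry name); the name is None on the default path."""
    if not enabled:              # disabled list: entries have no effect
        return ("allow", None)
    for e in entries:            # highest priority first, first match wins
        if matches(e, pkt):
            return (e.action, e.name)
    return ("allow", None)       # no match: default is allow

def covers(a, b):
    """True when every packet that matches b also matches a."""
    return all(getattr(a, f) in (WILD, getattr(b, f)) for f in FIELDS)

def audit(entries):
    shadowed = [b.name for i, b in enumerate(entries)
                if any(covers(a, b) for a in entries[:i])]
    last = entries[-1] if entries else None
    default_deny = (last is not None and last.action == "deny"
                    and all(getattr(last, f) == WILD for f in FIELDS))
    return {"shadowed": shadowed, "default_deny": default_deny}

# Constructed sample list and packets
RULES = [
    Entry("okfs", "allow", src="0000A001", iface="eth0"),
    Entry("nomdm", "deny", iface="modem0"),
    Entry("late", "allow", src="0000B002", iface="modem0"),  # never reached
]
CATCHALL = Entry("dflt", "deny")  # wildcard entry placed last
PKT_MODEM = dict(src="0000B002", dst="0000C003", ptype="4", direction="in", iface="modem0")
PKT_SYNC = dict(src="0000D004", dst="0000C003", ptype="4", direction="in", iface="sync0")

if __name__ == "__main__":
    for rules in (RULES, RULES + [CATCHALL]):
        print(decide(rules, PKT_MODEM), decide(rules, PKT_SYNC), audit(rules))
```

Without the catch-all entry the unmatched `sync0` packet is allowed by default; with it appended as the lowest-priority entry the same packet is denied.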

Subcommands and parameters

filter add name

The filter add subcommand adds an IPX packet filter of name name.

name—A 1 to 6 character ASCII identifier chosen by the user to easily reference filter expressions. Each filter expression must have a unique name. This name is generally used so that the position of an entry in the list can be changed. Names beginning with a dollar sign (“$”) are reserved for use by the system.

[[+]-iiface [/frame_type]]—Specify a legal interface

iface—eth0, modem0-4, sync0

frame_type—Specified as part of the interface, and can be either 802.3, 802.2, SNAP or II (for Ethernet Type 2). Use a slash to separate the iface from the frame_type, for example, eth0/802.2. If left

Black Box LRS002A-R2, LRA005A-R2, LRA001A-R2 manual 192, Filter add name, Iface-eth0, modem0-4, sync0