However, the moment you create one filter, a new default last filter is put in place that drops all traffic not matched by an earlier filter, as shown below.
(Figure: New default filter)
This means that you will normally need at least one filter ahead of the last filter. That filter forwards the legitimate traffic; everything else falls through to the last filter and is dropped.
For example, if you wanted to bar all incoming and outgoing web traffic, but allow all other traffic, the filter stack would resemble the following:
1. Drop all packets from anywhere using the web protocol.
2. Forward all packets from anywhere using any protocol.
3. Drop all packets using any protocol (default last filter).
When a packet goes through the filter stack, the Eicon 1530 first checks whether the packet is using the web protocol. If so, the packet is dropped. If not, the next filter is applied, which forwards everything. The third filter is never reached, because the second filter catches all remaining traffic. Filters are therefore evaluated in order and the first one that matches decides the packet's fate.
This type of filter stack is called an ‘anything but’ stack, as it lets all traffic through with specific exceptions. The opposite is a ‘nothing but’ stack, which forwards only packets from specific networks or protocols and drops everything else. In that case the second filter (‘Forward all packets...’) is omitted on purpose: any packet that does not match one of the explicit ‘forward’ filters falls through to the default last filter and is dropped. This type of stack is much more restrictive, so make sure every legitimate source and protocol has its own ‘forward’ filter before relying on it.
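The following Python model, added here as an illustration and not taken from the Eicon 1530 manual or firmware, shows the first-match evaluation just described: the ‘anything but’ stack, a ‘nothing but’ stack, and the pitfall of a stack that contains only a ‘drop’ filter (which then drops everything, because the implicit last filter catches the rest). The field names, the sample packets and the addresses (documentation ranges) are all constructed for the example, and ‘web protocol’ is assumed to mean TCP port 80; the manual names no port.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "Web protocol" is modelled as TCP port 80 (an assumption: the manual names no port).
# A stateless filter must match the port in either direction to catch both
# outgoing requests (dport 80) and the replies that come back (sport 80).
WEB_PORT = 80


@dataclass(frozen=True)
class Packet:
    src: str                     # source IP address
    dst: str                     # destination IP address
    proto: str                   # "tcp", "udp" or "icmp"
    sport: Optional[int] = None  # source port (tcp/udp only)
    dport: Optional[int] = None  # destination port (tcp/udp only)


@dataclass(frozen=True)
class Filter:
    action: str                    # "forward" or "drop"
    src_net: Optional[str] = None  # CIDR of the source network, None = any source
    proto: Optional[str] = None    # None = any protocol
    port: Optional[int] = None     # None = any port; matched as sport or dport
    name: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.src_net is not None:
            if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
                return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.port is not None and self.port not in (pkt.sport, pkt.dport):
            return False
        return True


def evaluate(stack: List[Filter], pkt: Packet) -> Tuple[str, str]:
    """First-match evaluation of a filter stack.

    An empty stack keeps the factory behaviour (everything forwarded). As soon as
    the stack holds one filter, an implicit last filter drops every packet that
    no earlier filter matched.
    """
    if not stack:
        return "forward", "no filters defined: everything forwarded"
    for f in stack:
        if f.matches(pkt):
            return f.action, f.name
    return "drop", "default last filter"


# Constructed sample packets (documentation addresses, not captured traffic).
WEB_OUT = Packet("192.0.2.10", "198.51.100.5", "tcp", sport=40001, dport=WEB_PORT)
WEB_IN = Packet("198.51.100.5", "192.0.2.10", "tcp", sport=WEB_PORT, dport=40001)
SSH_IN = Packet("198.51.100.7", "192.0.2.10", "tcp", sport=50000, dport=22)
PING_TRUSTED = Packet("203.0.113.9", "192.0.2.10", "icmp")

DROP_WEB = Filter("drop", proto="tcp", port=WEB_PORT, name="drop web")
FORWARD_ALL = Filter("forward", name="forward everything else")

# 'anything but' stack from the text: drop web, forward the rest, implicit drop last.
ANYTHING_BUT = [DROP_WEB, FORWARD_ALL]

# 'nothing but' stack: forward only one trusted network (203.0.113.0/24 is an
# assumed example value); the forward-all filter is deliberately absent.
NOTHING_BUT = [Filter("forward", src_net="203.0.113.0/24", name="forward trusted net")]

# The pitfall: a stack holding only the drop filter drops everything, because the
# implicit last filter now catches all non-web traffic as well.
DROP_WEB_ONLY = [DROP_WEB]


def decisions(stack: List[Filter]) -> dict:
    """Return the action each sample packet receives from the given stack."""
    samples = {"web_out": WEB_OUT, "web_in": WEB_IN,
               "ssh_in": SSH_IN, "ping_trusted": PING_TRUSTED}
    return {name: evaluate(stack, pkt)[0] for name, pkt in samples.items()}


if __name__ == "__main__":
    for label, stack in (("anything but", ANYTHING_BUT),
                         ("nothing but", NOTHING_BUT),
                         ("drop web only", DROP_WEB_ONLY)):
        print(label, decisions(stack))
```

Running it shows the ‘anything but’ stack dropping only the web packets, the ‘nothing but’ stack forwarding only the packet from the trusted network, and the single-filter stack dropping every sample packet, which is exactly the situation the text warns about when the forward-all filter is forgotten.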
See Example: Dropping incoming traffic from a specific network and Example: Allowing incoming traffic only from a specific network on page 60 for more examples.
Example: Dropping incoming traffic from a specific network
This example defines a filter to make sure that no traffic is accepted from a specific network. Assume the network has the IP address 213.112.12.0.
Security | 59 |