Security 9-39
| Less Than or Equal | Any port less than or equal to the port defined |
| Equal | Matches only the port defined |
| Greater Than or Equal | Matches the port or any port greater |
| Greater Than | Matches anything greater than the port defined |

Example network

[Figure: example network. Labels: Input Packet Filter; Internet; packet fields IP 200.1.1.?? and Data]

Example filters

Example 1

Filter Rule:

| 200.1.1.0 | (Source IP Network Address) |
| 255.255.255.128 | (Source IP Mask) |
| Forward = No | (What happens on match) |

Incoming packet has the source address of 200.1.1.28

| IP Address | Binary Representation | |
| 200.1.1.28 | 00011100 | (Source address in incoming IP packet) |
| AND | | |
| 255.255.255.128 | 10000000 | (Perform the logical AND) |
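
The masking step from Example 1, carried through in Python together with the port comparisons listed at the top of this page. This is an added example, not code from the manual; the function names, dictionary keys, the address 200.1.1.200 and the `HIGH_PORTS` rule are constructed for illustration, and the "no match" result makes no claim about what the device does with packets a rule does not match.

```python
import ipaddress
import operator

# Port comparison names as listed in the table on this page.
PORT_COMPARE = {
    "Less Than or Equal": operator.le,
    "Equal": operator.eq,
    "Greater Than or Equal": operator.ge,
    "Greater Than": operator.gt,
}

def and_mask(addr, mask):
    """Logical AND of a dotted-quad address with a dotted-quad mask."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(a & m))

def last_octet_bits(addr):
    """Last octet in binary, the column shown in the worked table."""
    return format(int(ipaddress.IPv4Address(addr)) & 0xFF, "08b")

def evaluate(rule, src_ip, port=None):
    """Return 'forward' or 'drop' when the rule matches, else 'no match'."""
    if and_mask(src_ip, rule["src_mask"]) != rule["src_net"]:
        return "no match"
    compare = rule.get("port_compare")  # optional; absent in Example 1
    if compare is not None:
        if port is None or not PORT_COMPARE[compare](port, rule["port"]):
            return "no match"
    return "forward" if rule["forward"] else "drop"

# Example 1 from the page: 200.1.1.0 / 255.255.255.128, Forward = No.
EXAMPLE_1 = {"src_net": "200.1.1.0", "src_mask": "255.255.255.128",
             "forward": False}
# Constructed variant (not from the page): same rule limited to ports >= 1024.
HIGH_PORTS = dict(EXAMPLE_1, port_compare="Greater Than or Equal", port=1024)

if __name__ == "__main__":
    mask = EXAMPLE_1["src_mask"]
    for src in ("200.1.1.28", "200.1.1.200"):  # second address is constructed
        print(src, last_octet_bits(src), "AND", last_octet_bits(mask),
              "->", and_mask(src, mask), evaluate(EXAMPLE_1, src))
    print(evaluate(HIGH_PORTS, "200.1.1.28", port=80))
```

Because the mask 255.255.255.128 keeps only the top bit of the last octet, the rule covers source addresses 200.1.1.0 through 200.1.1.127 and leaves 200.1.1.128 through 200.1.1.255 unmatched.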