10-24 Firmware User Guide

Filtering example #1

Returning to our filtering rule example from above (see page 10-20), look at how a rule is translated into a filter. Start with the rule, then fill in the filter’s attributes:

1. The rule you want to implement as a filter is:

Block all Telnet attempts that originate from the remote host 199.211.211.17.

2. The host 199.211.211.17 is the source of the Telnet packets you want to block, while the destination address is any IP address. How these IP addresses are masked determines what the final match will be, although the mask is not displayed in the table that displays the filter sets (you set it when you create the filter). In fact, since the mask for the destination IP address is 0.0.0.0, the address for Dest IP Addr could have been anything. The mask for Source IP Addr must be 255.255.255.255 since an exact match is desired.

Source IP Addr = 199.211.211.17

Source IP address mask = 255.255.255.255

Dest IP Addr = 0.0.0.0

Destination IP address mask = 0.0.0.0

3. Using the tables on page 10-21, find the destination port and protocol numbers (the local Telnet port):

Proto = TCP (or 6)

D. Port = 23

4. The filter should be enabled and instructed to block the Telnet packets containing the source address shown in step 2:

On? = Yes

Fwd = No

This four-step process is how we produced the following filter from the original rule:

+-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+
+----------------------------------------------------------------------+
| 1   192.211.211.17   0.0.0.0          TCP   0        23      Yes No  |
+----------------------------------------------------------------------+
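
The masked comparison that steps 2 through 4 rely on, as an added Python example (not code from the manual or the firmware). The names `Filter`, `decide`, `TELNET_BLOCK` and `WIDE_MASK` are hypothetical, the packets and the 255.255.255.0 variant are constructed, and returning `None` for a packet the filter does not match is an assumption, since this page does not cover unmatched packets.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP = 6  # protocol number from step 3


def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Filter:  # hypothetical model of one filter's attributes
    src: str
    src_mask: str
    dst: str
    dst_mask: str
    proto: int
    dport: int
    on: bool
    fwd: bool

    def matches(self, src: str, dst: str, proto: int, dport: int) -> bool:
        # Only the address bits selected by the mask take part in the comparison.
        src_ok = ((_ip(src) ^ _ip(self.src)) & _ip(self.src_mask)) == 0
        dst_ok = ((_ip(dst) ^ _ip(self.dst)) & _ip(self.dst_mask)) == 0
        return (self.on and src_ok and dst_ok
                and proto == self.proto and dport == self.dport)


def decide(f: Filter, src: str, dst: str, proto: int, dport: int) -> Optional[str]:
    """'forward' or 'block' when the filter matches, None when it does not apply."""
    if not f.matches(src, dst, proto, dport):
        return None
    return "forward" if f.fwd else "block"


# Filter built from the attributes in steps 2-4 of filtering example #1.
TELNET_BLOCK = Filter("199.211.211.17", "255.255.255.255", "0.0.0.0", "0.0.0.0",
                      TCP, 23, on=True, fwd=False)
# Constructed variant: the same filter with a 255.255.255.0 source mask.
WIDE_MASK = Filter("199.211.211.17", "255.255.255.0", "0.0.0.0", "0.0.0.0",
                   TCP, 23, on=True, fwd=False)

if __name__ == "__main__":
    # Constructed packets: (source, destination, protocol, destination port).
    for pkt in [("199.211.211.17", "10.0.0.5", TCP, 23),
                ("199.211.211.17", "10.0.0.5", TCP, 80),
                ("199.211.211.18", "10.0.0.5", TCP, 23)]:
        print(pkt, "exact:", decide(TELNET_BLOCK, *pkt), "wide:", decide(WIDE_MASK, *pkt))
```

With the wider source mask, the same filter blocks Telnet from every host in 199.211.211.x, which is why step 2 requires 255.255.255.255 for an exact match.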

Filtering example #2

Suppose a filter is configured to block all incoming IP packets with the source IP address of 200.233.14.0, regardless of the type of connection or its destination. The filter would look like this:

+-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+
+----------------------------------------------------------------------+
| 1   200.233.14.0     0.0.0.0          0                      Yes No  |
+----------------------------------------------------------------------+

Netopia 4000-Series manual Filtering example #1, Filtering example #2