Security
Example 4
|
| Filter Rule: |
| 200.1.1.96 |
| (Source IP Network Address) |
|
|
|
|
|
|
|
|
|
|
|
|
| 255.255.255.240 |
| (Source IP Mask) |
|
|
|
|
|
|
|
|
|
|
|
|
| Forward = No |
| (What happens on match) |
|
|
|
|
|
|
|
|
|
Incoming packet has the source address of 200.1.1.104. |
|
|
| ||||
|
|
|
|
|
| ||
| IP Address | Binary Representation |
|
|
| ||
|
|
|
| ||||
| 200.1.1.104 | 01101000 | (Source address in incoming IP packet) | ||||
|
|
|
|
|
|
| |
| AND |
|
|
|
|
| |
|
|
|
| ||||
| 255.255.255.240 | 11110000 | (Perform the logical AND) | ||||
|
|
|
|
| |||
|
|
| 01100000 | (Logical AND result) | |||
|
|
|
|
|
|
|
|
Since the Source IP Network Address in the Netopia 4553 is 01100000, and the source IP address after the logical AND is 01100000, this rule does match and this packet will not be forwarded.
Example 5
|
| Filter Rule: |
| 200.1.1.96 |
| (Source IP Network Address) |
|
|
|
|
|
|
|
|
|
|
|
|
| 255.255.255.255 |
| (Source IP Mask) |
|
|
|
|
|
|
|
|
|
|
|
|
| Forward = No |
| (What happens on match) |
|
|
|
|
|
|
|
|
|
Incoming packet has the source address of 200.1.1.96. |
|
|
| ||||
|
|
|
|
|
| ||
| IP Address | Binary Representation |
|
|
| ||
|
|
|
| ||||
| 200.1.1.96 | 01100000 | (Source address in incoming IP packet) | ||||
|
|
|
|
|
|
| |
| AND |
|
|
|
|
| |
|
|
|
| ||||
| 255.255.255.255 | 11111111 | (Perform the logical AND) | ||||
|
|
|
|
| |||
|
|
| 01100000 | (Logical AND result) | |||
|
|
|
|
|
|
|
|
Since the Source IP Network Address in the Netopia 4553 is 01100000, and the source IP address after the logical AND is 01100000, this rule does match and this packet will not be forwarded. This rule masks off a single IP address.
