Security 8-75
EE
EExx
xxaa
aamm
mmpp
pp llll ee
ee IIIIPP
PP ff
ff iiii lllltt
tt ee
ee rr
rr ss
ss
EE
EExx
xxaa
aamm
mmpp
ppllllee
ee 11
11
Write a filter rule that blocks the class C subnet represented by 200.1.1.0/25 from accessing the net.
Incoming packet has the source address of 200.1.1.28
To determine if the packet will match on the filter, perform a Boolean AND on the source IP address and the
filter’s source IP mask:
This incoming IP packet has a source IP address that matches the network address in the Source IP Address
field (whose last byte is binary 00000000) in the Netopia D-Series. This will not forward this packet.
EE
EExx
xxaa
aamm
mmpp
ppllllee
ee 22
22
Incoming packet has the source address of 200.1.1.184.
Filter Rule: 200.1.1.0 (Source IP Network Address)
255.255.255.128 (Source IP Mask)
Forward = No (What happens on match)
IP Address Binary Representation of
the last byte of the IP
address
200.1.1.28 00011100 (Source address in incoming IP packet)
AND
255.255.255.128 10000000 (Perform the logical AND)
00000000 (Logical AND result)
Filter Rule: 200.1.1.0 (Source IP Network Address)
255.255.255.128 (Source IP Mask)
Forward = No (What happens on match)
IP Address Binary Representation
200.1.1.184 10111000 (Source address in incoming IP packet)
AND