Security
How individual filters work
As described above, a filter applies criteria to an IP packet and then takes one of three actions:
A filter’s actions
■Passes the packet to the local or remote network
■Blocks (discards) the packet
■Ignores the packet
A filter passes or blocks a packet only if it finds a match after applying its criteria. When no match occurs, the filter ignores the packet.
The criteria are based on information contained in the packets. A filter is simply a rule that prescribes certain actions based on certain conditions. For example, the following rule qualifies as a filter:
A filtering rule
Block all Telnet attempts that originate from the remote host 199.211.211.17.
This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match occurs, the packet is blocked.
Here is what this rule looks like when implemented as a filter on the Netopia R2020:
Source IP | Dest IP | |||
|
| + | ||
1 | 199.211.211.17 | 0.0.0.0 | TCP 23 | Yes No |
|
| + |
To understand this particular filter, look at the parts of a filter.
Parts of a filter
A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the following attributes:
■The source IP address (where the packet was sent from)
■The destination IP address (where the packet is going)
■The type of
Port numbers
A filter can also match a packet’s port number attributes, but only if the filter’s protocol type is set to TCP or UDP, since only those protocols use port numbers. The filter can be configured to match the following:
■The source port number (the port on the sending host that originated the packet)
■The destination port number (the port on the receiving host that the packet is destined for)
By matching on a port number, a filter can be applied to selected TCP or UDP services, such as Telnet, FTP, and World Wide Web. The tables below show a few common services and their associated port numbers.