Security
How individual filters work
As described above, a filter applies criteria to an IP packet and then takes one of three actions
A filter’s actions
■forwards the packet to the local or remote network
■Blocks (discards) the packet
■Ignores the packet
A filter forwards or blocks a packet only if it finds a match after applying its criteria. When no match occurs, the filter ignores the packet.
A filtering rule
The criteria are based on information contained in the packets. A filter is simply a rule that prescribes certain actions based on certain conditions. For example, the following rule qualifies as a filter:
Block all Telnet attempts that originate from the remote host 199.211.211.17.
This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match occurs, the packet is blocked.
Here is what this rule looks like when implemented as a filter on the Netopia R5000 Series Router:
Source IP | Dest IP | |||
|
| + | ||
1 | 199.211.211.17 | 0.0.0.0 | TCP 23 | Yes No |
|
| + |
To understand this particular filter, look at the parts of a filter.
Parts of a filter
A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the following attributes:
■The source IP address (where the packet was sent from)
■The destination IP address (where the packet is going)
■The type of
Port numbers
A filter can also match a packet’s port number attributes, but only if the filter’s protocol type is set to TCP or UDP, since only those protocols use port numbers. The filter can be configured to match the following:
■The source port number (the port on the sending host that originated the packet)
■The destination port number (the port on the receiving host that the packet is destined for)