Filter Organization; How Filters Work - Lucent Technologies PortMaster 4 Configuration Manual

Table 8-1 option: Restricting access based on TCP status

Filter Organization

Filters are stored in a filter table in the PortMaster nonvolatile configuration memory.
Filters can be created or modified at any time, but the changes are not applied to an
active use of the filter. Filter names must be between 1 and 15 characters long.

Each packet filter can contain three sets of rules: IP, IPX, and SAP. Within each set, the
rules are numbered starting at one. Newly created packet filters contain zero rules, that
is, an empty set of rules.

An empty set of rules is equivalent to the permit rule. If a set contains one or more
rules, any packet not explicitly permitted by a rule is denied at the end of the
rule set.
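
The rule-set defaults described above, together with the TCP-status option from Table 8-1, modeled as an added Python example (not code from the manual or from the PortMaster software). It assumes rules are checked in numeric order with the first match deciding, which this page does not state; the `Rule` and `Packet` fields and the sample addresses are constructed for illustration.

```python
# Added example: a model of the rule-set defaults, not ComOS code.
# Assumptions (not stated on this page): rules are checked in numeric order and
# the first matching rule decides; Rule/Packet fields are hypothetical names.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # source network matched by the rule
    dst: str = "0.0.0.0/0"          # destination network matched by the rule
    dst_port: Optional[int] = None  # None matches any destination port
    established: bool = False       # True: match only established TCP traffic

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    established: bool = False       # packet belongs to an already open TCP connection

def matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.dst_port in (None, pkt.dst_port)
            and (pkt.established or not rule.established))

def evaluate(rules, pkt):
    """Return (verdict, rule_number); rule_number is None when a default applied."""
    if not rules:                   # an empty set is equivalent to the permit rule
        return "permit", None
    for number, rule in enumerate(rules, start=1):  # rules are numbered from one
        if matches(rule, pkt):
            return rule.action, number
    return "deny", None             # not explicitly permitted: denied at the end

# Constructed sample data (documentation address ranges).
LOCAL_NET = "192.0.2.0/24"
DENY_TELNET_ONLY = [Rule("deny", dst_port=23)]            # no permit rule at all
REPLIES_ONLY = [Rule("permit", dst=LOCAL_NET, established=True)]
web = Packet("198.51.100.7", "192.0.2.10", 80)            # new inbound connection
reply = Packet("198.51.100.7", "192.0.2.10", 40000, established=True)

if __name__ == "__main__":
    for name, rules in [("empty", []), ("deny-telnet-only", DENY_TELNET_ONLY),
                        ("replies-only", REPLIES_ONLY)]:
        print(name, evaluate(rules, web), evaluate(rules, reply))
```

The `DENY_TELNET_ONLY` set shows the consequence of the end-of-set default: a set that holds only deny rules also denies every packet its rules do not mention.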

How Filters Work

IP and IPX packet filters are attached to users, locations, Ethernet interfaces, or network
hardwired ports as either input or output filters. SAP filters are attached as output filters
only. The Ethernet interface filter is enabled as soon as the name of the input or output
filter is set.

Input and output are defined relative to the PortMaster interface. As shown in
Figure 8-1, an input filter is used on packets entering the PortMaster and an output
filter is used on packets exiting the PortMaster.

Figure 8-1. Input and Output Filters
[Diagram labels: PortMaster; Ethernet interface; Serial interface; Input filter and Output filter (two of each); Packets in from and out to network users; Packets in from and out to branch office.]

Table 8-1. Filter Options (Continued)
Description: You can create filters that use the status of TCP
connections as part of the rule set. This feature can allow
network users to open connections to external networks
without allowing external users access to the local
network.

Configuring Filters: Overview of PortMaster Filtering
