Creating Filters; Creating Ip Filters - Lucent Technologies PortMaster 4 Configuration Manual


Creating Filters

All packets entering a PortMaster through an interface with an input filter are evaluated against the rules in the filter, in order. As soon as a packet matches a rule, the action specified by that rule is taken. If no rule matches the packet, the packet is denied and discarded. Whenever an IP packet is discarded, the PortMaster generates an "ICMP Host Unreachable" message back to the originator.

For interfaces with output filters attached, all packets exiting the interface are evaluated against the filter rules, and only those packets permitted by the filter are allowed to exit the interface.
Creating Filters
You construct a filter by creating the filter and then adding rules that permit or deny certain types of packets. A maximum of 256 filter rules per filter is allowed for the PortMaster 4. The PortMaster generates an error message when the number of filter rules exceeds the limit.

Because the PortMaster evaluates packets against the rules in the order in which they are listed, you can avoid bottlenecks and maximize throughput by placing the rules that represent your highest security concerns first, followed by a rule limiting the volume of traffic.

User filters are attached to users configured for dial-in SLIP or PPP access. When a user makes a PPP or SLIP connection, the designated filters are attached to the network interface created for that connection.

Location filters are attached to dial-out locations reached by means of SLIP or PPP connections. When the connection to the remote site is established, the designated filters are attached to the network interface used.

You can attach filters for incoming packets, for outgoing packets, or for both. It is usually more effective to filter incoming packets, because that protects the PortMaster itself.

For more detailed instructions on using the filter commands, see the PortMaster 4 Command Line Reference.

To create a filter, use the following command:

Command> add filter Filtername

You must then use the appropriate set command to add rules that permit or deny packets. A maximum of 256 filter rules per filter is allowed. The PortMaster generates an error message when the number of filter rules exceeds the limit.

See the following sections for instructions:
"Creating IP Filters" on page 8-4
"Filtering TCP and UDP Packets" on page 8-5
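The evaluation semantics described above (first matching rule wins, implicit deny when nothing matches, an ICMP Host Unreachable sent back on discard, and the 256-rule limit) are modelled here in a small Python simulator. This is an added example, not PortMaster code: the rule representation, the filter name and the IP addresses are assumptions constructed for illustration, not the PortMaster command syntax.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_RULES = 256  # per-filter rule limit stated in the manual


@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    src: ipaddress.IPv4Network   # source address range
    dst: ipaddress.IPv4Network   # destination address range

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst)


class Filter:
    """Ordered rule list with first-match evaluation and implicit deny."""

    def __init__(self, name: str):
        self.name = name
        self.rules: list[Rule] = []

    def add_rule(self, action: str, src: str, dst: str) -> None:
        if action not in ("permit", "deny"):
            raise ValueError("action must be 'permit' or 'deny'")
        if len(self.rules) >= MAX_RULES:  # mirrors the PortMaster error on overflow
            raise ValueError(f"filter {self.name}: {MAX_RULES}-rule limit exceeded")
        self.rules.append(Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst)))

    def evaluate(self, src_ip: str, dst_ip: str) -> tuple[str, Optional[str]]:
        """Return (decision, icmp_message). Rules are checked in list order; the
        first match decides. No match means deny, and a discarded IP packet
        produces an ICMP Host Unreachable back to the originator."""
        decision = "deny"  # implicit deny when no rule matches
        for rule in self.rules:
            if rule.matches(src_ip, dst_ip):
                decision = rule.action
                break
        icmp = f"ICMP Host Unreachable -> {src_ip}" if decision == "deny" else None
        return decision, icmp


def build_example_filter() -> Filter:
    # Constructed example: highest-concern rule first (drop packets claiming an
    # internal 10/8 source), then permit traffic to an assumed mail host.
    f = Filter("inbound")                      # hypothetical filter name
    f.add_rule("deny", "10.0.0.0/8", "0.0.0.0/0")
    f.add_rule("permit", "0.0.0.0/0", "192.0.2.25/32")
    return f
```

Reversing the two rules in `build_example_filter` would let a packet from 10.1.2.3 to 192.0.2.25 through, which is the ordering point the section makes.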

Creating IP Filters

You can create a rule that filters IP packets according to their source and destination IP addresses. For more information on the command syntax for creating filters, see the PortMaster 4 Command Line Reference.
8-4
PortMaster 4 Configuration Guide
