Filtering Tcp And Udp Packets - Lucent Technologies PortMaster 4 Configuration Manual

Table of Contents

To create an IP filter rule that filters by address, use the following command—entered

on one line:

Command> set filter Filtername RuleNumber permit|deny [Ipaddress/NM

Ipaddress(dest)/NM] [protocol Number] [log] [notify]

You can replace protocol Number with one of the following keywords:

•

esp—matches packets using Encapsulation Security Payload (ESP) protocol. See

RFC 1827 for more information on this protocol.

•

ah—matches packets using Authentication Header (AH) protocol. See RFC 1826 for

more information on this protocol.

•

ipip—matches packets using the IP Encapsulation within IP (IPIP). See RFC 2003

for more information on this protocol.

If you are using ChoiceNet, you can also replace either the source or destination IP

address with the value =ListName, which specifies a list of sites in the

/etc/choicenet/lists directory in the ChoiceNet server. The equal sign (=) must

immediately precede the value.

Filtering ICMP Packets

Internet Control Message Protocol (ICMP) packets—commonly known as ping

packets—report errors and provide other information about IP packet processing. You

can filter ICMP packets by source and destination IP address, or by ICMP packet type.

Packet types are identified in RFC 1700.

To create an ICMP filter rule, use the following command—entered on one line:

Command> set filter Filtername RuleNumber permit|deny [Ipaddress/NM

Ipaddress(dest)/NM] icmp [type Itype] [log]

If you are using ChoiceNet, you can also replace either the source or destination IP

address with the value =ListName, which specifies a list of sites in the

/etc/choicenet/lists directory in the ChoiceNet server. The equal sign (=) must

immediately precede the value.