IP Source and Destination Network Filtering Using CLI; IP Source and Destination Port Filtering Using CLI; IP Protocol Filtering Using CLI - 3Com OfficeConnect 3CP4144 CLI User's Manual

3com officeconnect 3cp4144: users guide

Chapter 6: Manual Setup
VALUE - The value (hex) to compare to the packet contents.
For example, a generic bridge filter to prevent all IP packets from being bridged is:
BR-ETH:
1 reject generic=>origin=frame/offset=12/length=2/mask=0xFFFF/value=0x0800;
Applying the Rules Using CLI

The following sections provide detailed information and examples for creating
specific filters based on protocol.

IP Source and Destination Network Filtering Using CLI

Source and destination address filtering is generally used to limit permitted access
to trusted hosts and networks only, to explicitly deny access to hosts and networks
that are not trusted, or to limit external access to a given host (for example, a web
server or a firewall).
Note that only the part of the IP address specified by the mask field is used in the
comparison. If a match is found, the packet is forwarded (rules containing accept)
or discarded (rules containing reject).
The following rule example allows forwarding of only IP packets with source
addresses that match the first 16 bits of the given IP address (addresses beginning
with 192.77):
IP:
1 ACCEPT src-addr = 192.77.200.203/16;
999 DENY;
The following rule example rejects IP packets with the source address 144.133.20.1:
IP:
1 REJECT src-addr = 144.133.20.1;
The following rule example allows forwarding of only IP packets with source
address 192.77.100.32 and destination address 201.128.11.34:
IP:
1 AND src-addr = 192.77.100.32;
2 ACCEPT dst-addr = 201.128.11.34;
999 DENY;
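
The mask comparison and the AND chaining described above, as an added Python example (not 3Com code and not part of the manual) that parses the three rule sets and evaluates constructed packets against them. Evaluating rules in numeric order with the first matching ACCEPT, REJECT or DENY deciding, and reporting "no-match" when no rule applies, are assumptions; this page does not state them.

```python
import ipaddress
import re

# Constructed copies of the three rule sets shown in the manual text above.
EX1 = "1 ACCEPT src-addr = 192.77.200.203/16;\n999 DENY;"
EX2 = "1 REJECT src-addr =144.133.20.1;"
EX3 = ("1 AND src-addr = 192.77.100.32;\n"
       "2 ACCEPT dst-addr = 201.128.11.34;\n999 DENY;")

RULE = re.compile(
    r"(\d+)\s+(ACCEPT|REJECT|DENY|AND)"
    r"(?:\s+(src-addr|dst-addr)\s*=\s*([^\s;]+))?\s*;")

def parse(text):
    """Return (number, action, field, network) tuples in rule-number order."""
    rules = []
    for num, action, field, value in RULE.findall(text):
        # strict=False drops the host bits, so only the masked part is compared;
        # an address without /n is treated as a single host (/32).
        net = ipaddress.ip_network(value, strict=False) if value else None
        rules.append((int(num), action, field, net))
    return sorted(rules, key=lambda r: r[0])

def decide(rules, src, dst):
    """Return 'forward', 'discard' or 'no-match' for one packet."""
    packet = {"src-addr": ipaddress.ip_address(src),
              "dst-addr": ipaddress.ip_address(dst)}
    chain = True  # outcome of the AND rules leading up to the current rule
    for _num, action, field, net in rules:
        hit = net is None or packet[field] in net
        if action == "AND":
            chain = chain and hit
            continue
        if chain and hit:  # assumption: first matching decision rule wins
            return "forward" if action == "ACCEPT" else "discard"
        chain = True  # a decision rule ends the AND chain
    return "no-match"  # assumption: the device default is not modelled here

if __name__ == "__main__":
    # Constructed packets: (rule set, source, destination)
    for rules, src, dst in [(EX1, "192.77.1.9", "10.0.0.1"),
                            (EX1, "192.78.200.203", "10.0.0.1"),
                            (EX3, "192.77.100.32", "201.128.11.35")]:
        print(src, "->", dst, decide(parse(rules), src, dst))
```

When reviewing a rule set, check the mask width rather than the literal address: 192.77.200.203/16 admits every 192.77.x.x source, not only the host that is written out.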

IP Source and Destination Port Filtering Using CLI

You can also filter against UDP and TCP ports. The following rule example rejects
IP packets with a TCP destination port number of 80.
IP:
1 REJECT tcp_dst_port = 80;

IP Protocol Filtering Using CLI

Filtering can be done on protocol as well. The protocols that can be filtered are
UDP, TCP and ICMP. The following rule example rejects TCP packets.

This manual is also suitable for:

Officeconnect 812