220
C
14: H
HAPTER
ANDLING
Call Filters
Generic Filters
Creating Filters
Filter File
Components
P
F
ACKET
ILTERS
IP-Call filters are employed to screen outgoing calls for an ondemand user
or a per interface basis. Filtering rules can comb source, destination, and
host addresses, port numbers of TCP and UDP protocols, and Internet
Control Message Protocol (ICMP) messages and protocols.
Generic filters are set by byte and offset values in a packet. Packets are
filtered by comparing theirs offset value and byte information with the
values you define in the filter. The RAS 1500 accepts or rejects the packet
based on the result.
Creating generic filters can be a complex task. Only experienced users
should use generic filters and strictly in cases where data and advertising
filters cannot provide necessary filtering capabilities.
The RAS 1500 performs packet filtering based on rules you create. This
section describes how to create packet filters.
Filter rules are defined within filter files. Filters are text files stored either
in FLASH memory or on a RADIUS server. You can create and modify filter
using the following:
The Windows-based TRAM
An off-line text editor
File Descriptor
To be valid, a filter file must always have the following file descriptor on
the first line:
#filter
Eliminate blank space before the descriptor, otherwise an error will occur.
The remainder of the filter file is partitioned into protocol sections. Each
protocol section has a descriptive header preceding filter rules for that
protocol.