Netopia D3232 User Reference Manual page 89

D-series DSL DSUs

The following example further illustrates filter rule chaining, different sized masks and the full 8 bytes of the
Value field.
Create a filter set designed to block telnet access from a given external node (the example below uses
176.163.52.18) to a given internal node (176.163.107.254).
The filter rule summary (input) should look like this:
+-#----Value-------------Mask--------------Offst-Compare--Chain---On?-Fwd-+
+-------------------------------------------------------------------------+
| 1    0500000000000000  0F00000000000000  14    =        No      Yes No  |
| 2    0800000000000000  FFFF000000000000  12    =        Yes     Yes     |
| 3    0600000000000000  FF00000000000000  23    =        Yes     Yes     |
| 4    B0A33412B0A3B0FE  FFFFFFFFFFFFFFFF  26    =        Yes     Yes     |
| 5    0017000000000000  FFFF000000000000  36    =        No      Yes No  |
+-------------------------------------------------------------------------+
Filter #1 checks that the IHL has a size of 5. This is a useful security check to verify that a potential
hacker has not padded the packet with options that would then throw off the following filter rule checks
on bytes further into the packet.
Filter #2 checks that the incoming packet is IP.
Filter #3 checks that the packet is using TCP.
Filter #4 simultaneously checks that the source IP address is 176.163.52.18 (= B0A33412 in hex) and the
destination IP address is 176.163.107.254 (= B0A3B0FE in hex).
Filter #5 checks that the TCP port address is telnet (= 23 decimal = 17 hex).
Note: This filter set is presented only to illustrate how Generic filtering works. You are strongly advised to
actually use IP filters to block IP-only traffic.
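As an added example (not from the manual), the Python code below applies the five Value/Mask/Offset comparisons to constructed Ethernet frames and shows why filter #1's IHL check matters: once IP options are present, offset 36 no longer holds the TCP destination port. It assumes offsets count from the start of the Ethernet frame and that "=" means the eight bytes at the offset, ANDed with the mask, equal the value; chaining and the forward decision are not modelled, and the names `rule_matches`, `matching_rules` and `build_frame` are hypothetical.

```python
import struct

# (rule number, Value, Mask, Offset) copied from the filter summary on this page.
RULES = [
    (1, "0500000000000000", "0F00000000000000", 14),
    (2, "0800000000000000", "FFFF000000000000", 12),
    (3, "0600000000000000", "FF00000000000000", 23),
    (4, "B0A33412B0A3B0FE", "FFFFFFFFFFFFFFFF", 26),
    (5, "0017000000000000", "FFFF000000000000", 36),
]

def rule_matches(frame, value_hex, mask_hex, offset):
    """Assumed '=' semantics: (8 frame bytes at offset) AND mask == value."""
    window = frame[offset:offset + 8].ljust(8, b"\x00")  # pad frames that end early
    value, mask = bytes.fromhex(value_hex), bytes.fromhex(mask_hex)
    return bytes(w & m for w, m in zip(window, mask)) == value

def matching_rules(frame):
    """Numbers of the rules whose comparison is true for this frame."""
    return [n for n, v, m, off in RULES if rule_matches(frame, v, m, off)]

def build_frame(dport, ip_options=b""):
    """Constructed Ethernet II + IPv4 + TCP frame; checksums are left at zero."""
    addrs = bytes.fromhex(RULES[3][1])   # source + destination bytes as listed in rule 4
    ihl = 5 + len(ip_options) // 4       # IP header length in 32-bit words
    eth = bytes(12) + b"\x08\x00"        # zeroed MAC addresses, EtherType 0x0800
    ip = struct.pack("!BBHHHBBH", 0x40 | ihl, 0, 4 * ihl + 20, 0, 0, 64, 6, 0)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + addrs + ip_options + tcp

telnet = build_frame(23)
web = build_frame(80)
# Four bytes of IP options (NOP, NOP, NOP, EOL) make IHL 6 and push the TCP header
# four bytes later, so offset 36 now lands inside the options, not on the port.
padded_telnet = build_frame(23, ip_options=b"\x01\x01\x01\x00")

if __name__ == "__main__":
    for name, frame in [("telnet", telnet), ("web", web),
                        ("padded telnet", padded_telnet)]:
        print(f"{name:14s} matches rules {matching_rules(frame)}")
```

The sample frames take their addresses byte-for-byte from rule 4's Value field. Note that 107 decimal is 6B hex, so the bytes B0A3B0FE as listed decode to 176.163.176.254.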

This manual is also suitable for: D3100-i, D7100, D7171