Bay Networks 5390 Administering page 339

Communications server

Chapter A13 Filtering
The Model 5390 implementation of filtering allows you to improve the security of an internal
network by preventing potentially dangerous traffic from crossing it. For example, you might want
to prevent an outside host from using the Network File System (NFS) protocol or the Trivial File
Transfer Protocol (TFTP) to access an internal network, because these protocols have no built-in
security and can alter local data. Or, you might want to use filtering to prevent users on your internal
network from accessing external hosts and services.

An effective way to provide this kind of protection is to select one Model 5390 server on the internal
network to be the network's chokepoint or firewall through which all traffic to and from external
networks must pass. Then, configure filters on that Model 5390 server to block undesirable packets
(see "add Subcommand Examples" on page A13-13).

You can also use filtering to log (in the syslog file) traffic for security or network-management
purposes (see "add Subcommand Examples" on page A13-13). Finally, you can use filters to determine
what constitutes traffic on a dial-out serial port.

Filters can apply to one particular physical interface on the Model 5390 server or to all Model 5390
interfaces and can affect incoming or outgoing packets. An interface is a SLIP or PPP port named
asyn, where n is the port number, or the Ethernet port (en0).

CAUTION: Filters are complicated and can interact in ways you might
not anticipate; use them with great care. Filters can cause performance
to deteriorate significantly. Syslogging common occurrences can flood
the syslog file. Syslogging syslogs can cause infinite loops. Be careful
when creating filters that discard packets on the Ethernet interface; filters
of this type can hang the Model 5390 server. You need superuser
privileges not only to configure the Model 5390 server for filtering but
also to create or modify filters.

893-741-B    A13-1
