Table of Contents
Advertisement
The Default Filter
Before filtering can be enabled on any given port, a default filter should be configured. This
filter handles any traffic not covered by any other filter. All the criteria in the default filter must
be set to the full range possible (any). For example:
0.0.0.0
Deny
Filter 224
Figure 7-3 Assigning a Default Filter
In this example, the default filter is defined as Filter 224 in order to give it the lowest order of
precedence. All matching criteria in Filter 224 are set to the any state. If no other filter acts on
the traffic, Filter 224 processes it, denying and logging unwanted traffic.
>> # /cfg/slb/filt 224
>> Filter 224# sip any
>> Filter 224# dip any
>> Filter 224# proto any
>> Filter 224# action deny
>> Filter 224# name deny unwanted traffic (Provide a descriptive name for the
>> Filter 224# ena
>> Filter 224# adv
>> Filter 224 Advanced# log enable
Default filters are recommended (but not required) when configuring filters for IP traffic con-
trol and redirection. Using default filters can increase session performance but takes some of
the session binding resources. If you experience an unacceptable number of binding failures, as
shown in the Server Load Balancing Maintenance Statistics (/stats/slb/maint), you
may wish to remove some of the default filters.
212777-A, February 2002
Filtering by Destination IP Address Ranges
Allow
Redirect
Filter 2
Filter 1
Web OS 10.0 Application Guide
255.255.255.255
(Select the default filter)
(From any source IP addresses)
(To any destination IP addresses)
(For any protocols)
(Deny matching traffic)
filter)
(Enable the default filter)
(Select the advanced menu)
(Log matching traffic to syslog)
Chapter 7: Filtering
n
173
Advertisement
Table of Contents
