Generic Filter Rule; Applying The Rules Using Cli; Ip Source And Destination Network Filtering Using Cli - 3Com OfficeConnect Remote 812 Cli User's Manual

Release 1.0

Hide thumbs Also See for OfficeConnect Remote 812:

Cli user's manual (170 pages)

Getting started manual (66 pages)

Get started manual (58 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

page of 144

/ 144
Contents
Table of Contents
Bookmarks

Table of Contents

Generic Filter Rule

Applying the Rules

Using CLI

IPX

src-net

dst-net

src-host

dst-host

src-socket

dst-socket

generic

IPX-RIP

network

IPX-SAP

network

node

server

service-type

socket

BR-ETH

src-addr

dst-addr

generic

The syntax for generic filters is slightly different than that for other filters:

<line #> <verb> GENERIC => ORIGIN = <FRAME > DATA>/OFFSET = <# of

bytes>/ LENGTH = <# of bytes>/MASK = < 0x Mask>/VALUE = <0x value>

ORIGIN - The location in the packet to start the offset count. This location can

be at byte 0 (FRAME) or at the start of the protocol data (DATA).

OFFSET - The number of bytes from the origin to skip before comparing the

value to the packet contents.

LENGTH - The number of bytes in the packet to compare to the value.

MASK - The mask to logically "and" with the packet contents before

comparing with the value (hex).

VALUE - The value (hex) to compare to the packet contents.

For example, a generic bridge filter to prevent all IP packets from being bridged is:

BR-ETH:

1 reject

generic=>origin=frame/offset=12/length=2/mask=0xFFFF/value=0x0800;

The following sections provide detailed information and examples for creating

specific filters based on protocol.

IP Source and Destination Network Filtering Using CLI

Source and destination address filtering is generally used to limit permitted access

to trusted hosts and networks only, to explicitly deny access to hosts and networks

that are not trusted, or to limit external access to a given host (for example, a web

server or a firewall).

Note that only the part of the IP address specified by the mask field is used in the

comparison. If a match is found, the packet is forwarded (rules containing accept)

or discarded (rules containing reject).

The following rule example allows forwarding of only IP packets with source

addresses that match the first 16 bits of the given IP address (addresses beginning

with 192.77):

Creating Filters Using Command Line Interface

=, !=

Source IPX network (xx-xx-xx-xx)

=, !=

Destination IPX network (xx-xx-xx-xx)

=, !=

Source IPX host node address (xx-xx-xx-xx-xx-xx)

=, !=

Destination IPX host node address (xx-xx-xx-xx-xx-xx)

all

Source IPX socket (0x1 - 0xFFFF)

all

Destination IPX socket (0x1 - 0xFFFF)

Generic Filter

=, !=

IPX network (xx-xx-xx-xx)

=, !=

IPX network (xx-xx-xx-xx)

=, !=

IPX node (xx-xx-xx-xx-xx-xx)

=, !=

Server name (character string to 32 characters)

=, !=

Service type (0x0 - 0xFFFF)

all

Socket (0x1 - 0xFFFF)

=, !=

Source MAC address (xx-xx-xx-xx-xx-xx)

=, !=

Destination MAC address (xx-xx-xx-xx-xx-xx)

Generic filter

6-31

Table of Contents

Generic Filter Rule; Applying The Rules Using Cli; Ip Source And Destination Network Filtering Using Cli - 3Com OfficeConnect Remote 812 Cli User's Manual

Generic Filter Rule

IP Source and Destination Network Filtering Using CLI

Related Manuals for 3Com OfficeConnect Remote 812

Related Content for 3Com OfficeConnect Remote 812

Table of Contents