Assigning Filters; Interface Filters; Input Filter; Output Filters - 3Com OfficeConnect Remote 812 Cli User's Manual

Release 1.0
Hide thumbs Also See for OfficeConnect Remote 812:
Table of Contents

Advertisement

6-36
C
6: M
HAPTER
ANUAL

Assigning Filters

Interface Filters

Input Filter

Output Filters

Input Filters vs. Output
Filters

VC/Remote Site Filters

Applying Filters Using
CLI
S
ETUP
For more details, refer to the next two sections. Assigning Filters discusses how
to decide where to apply a filter, and Applying Filters explains the appropriate
CLI commands to use.
Once a filter has been added to router's list of managed filters, you can assign it to
the unit's:
Interfaces

VC / Remote Site Profile

You can configure interface filters for any interface. Interface filters control access
to all networks available for both modem and non-modem interfaces.
You can specify whether a filter applies to packets entering the interface (input
filter) or leaving the interface (output filter). The router examines the filtering rules
to determine whether the interface accepts or rejects the packet.
If an input filter is configured on an interface, all received packets are checked
against the filtering rules before being forwarded to another interface.
If an output filter is configured on an interface, all outbound packets are checked
against the filtering rules before exiting the router.
When possible, use the input filter to filter an incoming packet rather than waiting
to catch a packet as it attempts to exit the router. This is recommended because:
A packet is prevented from entering the router, keeping potential intruders

from attacking the unit itself.
The routing engine does not waste time processing a packet that is going to be

discarded anyway.
Most importantly, the router does not know which interface an outgoing

packet came in through. If a potential intruder forges a packet with a false
source address (in order to appear as a trusted host or network), there is no
way for an output filter to tell if that packet came in through the wrong
interface. An input filter, on the other hand, can filter out packets purporting
to be from networks that are actually connected to a different interface.
You can configure filters for a specific VC / remote site profile that controls access
to the network for that location. This filter is only applied for the duration of the
remote network connection. As with interface filters, a remote site filter can be
configured to apply to input or output data traffic.
You can apply filters to interfaces and/or users using the CLI. If you modify a file,
you need to re-assign it to make the changes take effect immediately. Otherwise
the changes will not take effect until the protocol network (IP, IPX, or bridge) that
the filter affects goes down and comes back up. This occurs when a network is
disabled, the WAN connection goes down then up, or when the OfficeConnect
Remote 812 is rebooted.

Advertisement

Table of Contents
loading

Table of Contents