Table of Contents
Advertisement
A filtering rule
The criteria are based on information contained in the packets. A filter is simply a rule that prescribes certain
actions based on certain conditions. For example, the following rule qualifies as a filter:
Block all Telnet attempts that originate from the remote host 199.211.211.17.
This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match
occurs, the packet is blocked.
Here is what this rule looks like when implemented as a filter on the Netopia R7200:
+-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+
+--------------------------------------------------------------------+
| 1
199.211.211.17
+--------------------------------------------------------------------+
To understand this particular filter, look at the parts of a filter.
Parts of a filter
A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the
following attributes:
The source IP address (where the packet was sent from)
The destination IP address (where the packet is going)
The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP
Port numbers
A filter can also match a packet's port number attributes, but only if the filter's protocol type is set to TCP or
UDP, since only those protocols use port numbers. The filter can be configured to match the following:
The source port number (the port on the sending host that originated the packet)
The destination port number (the port on the receiving host that the packet is destined for)
By matching on a port number, a filter can be applied to selected TCP or UDP services, such as Telnet, FTP, and
World Wide Web. The following tables show a few common services and their associated port numbers:
Internet service
FTP
Telnet
SMTP (mail)
Gopher
0.0.0.0
TCP
TCP port
20/21
Finger
23
World Wide Web
25
News
70
rlogin
23
Internet service
Security 14-7
Yes No
|
TCP port
79
80
144
513
Advertisement
Table of Contents
