Figure 27-1 Outgoing Packet Filtering Process - Nortel Contivity 221 User Manual


27-2 Filter Configuration

Figure 27-1 Outgoing Packet Filtering Process

[Figure 27-1 (flowchart): an outgoing packet enters Data Filtering; on a match, the packet is dropped.]
For incoming packets, your Contivity 221 applies data filters only. Packets are processed
depending upon whether a match is found. The following sections describe how to configure filter
sets.
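The outgoing flow in Figure 27-1, modeled as an added Python example (not code from the manual or the device). It assumes the figure's "drop packet if line not up, or send packet but do not reset Idle Timer" means a call-filter match drops the packet when the line is down and otherwise sends it without resetting the timer; the rule functions, addresses and the `Line` class are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Line:
    up: bool = False
    idle_seconds: int = 0  # time since the idle timer was last reset

def outgoing(pkt, line, data_filters, builtin_call, user_call=()):
    """Return the action taken for one outgoing packet, per Figure 27-1."""
    # Stage 1, data filtering: a match drops the packet outright.
    if any(rule(pkt) for rule in data_filters):
        return "drop (data filter)"
    # Stage 2, call filtering: built-in defaults, then user-defined (if any).
    if any(rule(pkt) for rule in list(builtin_call) + list(user_call)):
        if not line.up:
            return "drop (call filter, line not up)"
        return "send, idle timer not reset"
    # No match: the packet may raise the line and counts as activity.
    action = "send" if line.up else "initiate call, send"
    line.up, line.idle_seconds = True, 0
    return action + ", idle timer reset"

# Constructed sample rules; each returns True when the packet matches.
def netbios(pkt):
    return pkt["dport"] in (137, 138, 139)  # NetBIOS name/datagram/session

def blocked_host(pkt):
    return pkt["dst"] == "192.0.2.66"  # documentation address, constructed

def demo():
    line = Line()
    nb = {"dst": "198.51.100.7", "dport": 137}
    web = {"dst": "198.51.100.7", "dport": 443}
    bad = {"dst": "192.0.2.66", "dport": 443}
    log = []
    for pkt in (nb, bad, web):
        log.append(outgoing(pkt, line, [blocked_host], [netbios]))
    line.idle_seconds = 90  # simulate 90 s without real traffic
    log.append(outgoing(nb, line, [blocked_host], [netbios]))
    log.append((line.up, line.idle_seconds))
    return log

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

In this model the NetBIOS packet never brings the line up and never extends its idle time, which is the behavior the factory default call filters are described as providing.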
27.1.1 Filter Structure
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the
rules for NetBIOS, into a single set and give it a descriptive name. The Contivity 221 allows you
to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the
system. You cannot mix device filter rules and protocol filter rules within the same set. You can
apply up to four filter sets to a particular port to block multiple types of packets. With each filter
set having up to six rules, you can have a maximum of 24 rules active for a single port.
Sets of factory default filter rules have been configured in menu 21 to prevent NetBIOS traffic
from triggering calls and to prevent incoming telnet sessions. A summary of their filter rules is
shown in the figures that follow.
The following figure illustrates the logic flow when executing a filter rule. See also Figure 27-7
for the logic flow when executing an IP filter.
3317517-A Rev 00
[Figure 27-1 (flowchart, continued), Call Filtering: built-in default Call Filters, then user-defined Call Filters (if applicable). Match: drop packet if line not up, or send packet but do not reset Idle Timer. No match: initiate call if line not up, send packet and reset Idle Timer. Other label: Active Data.]