Ip Source And Destination Network Filtering Using Cli; Ip Source And Destination Port Filtering Using Cli; Ip Protocol Filtering Using Cli; Ip Rip Packet Filtering Using Cli - 3Com OfficeConnect Remote 812 Cli User's Manual

6-52 C 6: M
HAPTER ANUAL
S
ETUP

IP Source and Destination Network Filtering Using CLI

Source and destination address filtering is generally used to limit permitted access
to trusted hosts and networks only, to explicitly deny access to hosts and networks
that are not trusted, or to limit external access to a given host (for example, a web
server or a firewall).
Note that only the part of the IP address specified by the mask field is used in the
comparison. If a match is found, the packet is forwarded (rules containing accept)
or discarded (rules containing reject).
The following rule example allows forwarding of only IP packets with source
addresses that match the first 16 bits of the given IP address (addresses beginning
with 192.77):
IP:
1 ACCEPT src-addr = 192.77.200.203/16;
999 DENY;
The following rule example rejects IP packets with a source address: 144.133.20.1.
IP:
1 REJECT src-addr =144.133.20.1;
The following rule example allows forwarding of only IP packets with source
address 192.77.100.32 and destination address 201.128.11.34:
IP:
1 AND src-addr = 192.77.100.32;
2 ACCEPT dst-addr = 201.128.11.34;
999 DENY;

IP Source and Destination Port Filtering Using CLI

You can also filter against UDP and TCP ports. The following rule example rejects
IP packets with a TCP port number of 80.
IP:
1 REJECT tcp_dst_port = 80;

IP Protocol Filtering Using CLI

Filtering can be done on protocol as well. The protocols that can be filtered are
UDP, TCP and ICMP. The following rule example rejects TCP packets.
IP:
1 REJECT protocol = TCP;

IP RIP Packet Filtering Using CLI

Routing Information Protocol (RIP) packets are used to identify all attached
networks as well as the number of router hops required to reach them. The
responses are used to update a router's routing table