Bay Networks 6300 Supplement Manual page 301

Supplement to the remote annex administrator’s guide for unix

Book A
Filtering Restrictions
Remote Annex 6300 Supplement to the Remote Annex Administrator's Guide for UNIX
IP filtering can handle the following two cases:

- One or more hosts cannot be reached and all other hosts can.
- One or more hosts can be reached and all other hosts cannot.

However, IP filtering cannot handle the next two cases:

- A subset (e.g., a subnet or subnet group) of hosts can be reached,
  except for a few hosts in the subset, and all other hosts cannot be
  reached.
- A subset of hosts cannot be reached, except for a few hosts in
  the subset, and all other hosts can be reached.

For example, you cannot use acp_restrict to allow a user named martha
to access all hosts on her home network (132.245.0.0), except for the
finance machine at IP address 132.245.77.1, and also deny her access to
hosts outside the 132.245.0.0 network. The acp_restrict entries for this
would be:

    user martha: 132.245.77.1
    user martha~ 132.245.*
    user martha: *

If such an entry is found, a syslog message is generated and the user is
denied access.
In addition, acp_restrict cannot create filters from host names containing
wild cards, e.g., annex*.
Finally, filters apply to IP packets only; IPX and AppleTalk packets
cannot be filtered.
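
An added example (not from the manual or from Bay Networks software): a pre-deployment check that scans user entries for the two unsupported shapes described above and for wild-card host names. It parses only the line shapes shown in the manual's example; reading ":" as deny and "~" as allow is inferred from that example, and the names lint and nested and the bob, carol and dave entries are constructed for illustration.

```python
import re
from collections import defaultdict

# Only the line shapes in the manual's example are parsed. Reading ':' as
# "deny" and '~' as "allow" is an assumption inferred from that example.
ENTRY = re.compile(r"^user\s+(\S+?)([:~])\s+(\S+)$")

def nested(inner, outer):
    """True if `inner` is a proper subset of the hosts matched by `outer`."""
    if inner == outer or not outer.endswith("*"):
        return False
    return inner.startswith(outer[:-1])

def lint(lines):
    """Return {user: [reasons]} for entries the filter cannot express."""
    rules = defaultdict(list)
    findings = defaultdict(list)
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue
        user, sep, pattern = m.groups()
        # Host names with wild cards (e.g. annex*) cannot become filters.
        if "*" in pattern and re.search(r"[A-Za-z]", pattern):
            findings[user].append(f"wildcard host name: {pattern}")
            continue
        rules[user].append(("deny" if sep == ":" else "allow", pattern))
    for user, entries in rules.items():
        for act_a, a in entries:
            for act_b, b in entries:
                # An exception carved out of a subset (not out of '*').
                if act_a != act_b and b != "*" and nested(a, b):
                    findings[user].append(f"{act_a} {a} inside {act_b} {b}")
    return dict(findings)

SAMPLE = [
    "user martha: 132.245.77.1",   # the manual's unsupported example
    "user martha~ 132.245.*",
    "user martha: *",
    "user bob: 132.245.77.1",      # constructed: deny one host, allow the rest
    "user carol~ 132.245.10.5",    # constructed: allow one host, deny the rest
    "user carol: *",
    "user dave: annex*",           # constructed: wild-card host name
]

if __name__ == "__main__":
    for user, reasons in lint(SAMPLE).items():
        print(user, reasons)
```

Users flagged by this check would, per the text above, be denied access with a syslog message, so running it before installing a changed acp_restrict file avoids locking them out.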
Chapter 15
Using RA 6300 Security
A-273
