Eicon Networks 1530 User Manual page 59


However, the moment you create one filter, a new default is used that drops all traffic, as shown
below.
[Figure: the new default filter]
This situation will usually require that you create at least one filter before the last filter. The
new filter would forward legitimate traffic; all other traffic would be dropped by the last filter.
For example, if you wanted to bar all incoming and outgoing web traffic, but allow all other
traffic, the filter stack would resemble the following:
1. Drop all packets from anywhere using the web protocol.
2. Forward all packets from anywhere using any protocol.
3. Drop all packets using any protocol (default last filter).
When a packet goes through the filter stack, the Eicon 1530 would first check if the packet is
using the web protocol. If so, the packet is dropped. If not, the next filter is applied, which
essentially forwards anything. The third filter is never reached, because the second filter
catches all other traffic.
This type of filter stack is called an 'anything but' stack, as it lets all traffic through with
specific exceptions. The opposite of this is a 'nothing but' stack, which allows packets from
specific networks or protocols, but drops everything else. In this case, the second filter
('Forward all packets...') is not necessary. However, this type of stack is much more restrictive.
See Example: Dropping incoming traffic from a specific network and Example: Allowing
incoming traffic only from a specific network on page 60 for more examples.

Example: Dropping incoming traffic from a specific network
This example defines a filter to make sure that no traffic is accepted from a specific network.
Assume the network has the IP address 213.112.12.0.
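The first-match evaluation described above, modelled as an added example (not Eicon's code or configuration syntax). The rule tuples, the function names, the /24 mask on 213.112.12.0 and the 192.0.2.0/24 sample network are assumptions made for illustration.

```python
import ipaddress

# Implicit last filter from the manual: once any filter exists, whatever
# reaches the end of the stack is dropped.
DEFAULT_LAST = ("drop", "any", "any")

def matches(rule, src_ip, protocol):
    """A rule is (action, source, protocol); 'any' is a wildcard."""
    _, src, proto = rule
    src_ok = src == "any" or ipaddress.ip_address(src_ip) in ipaddress.ip_network(src)
    return src_ok and proto in ("any", protocol)

def evaluate(stack, src_ip, protocol):
    """Return (action, position) of the first filter that matches the packet."""
    for position, rule in enumerate(stack + [DEFAULT_LAST], start=1):
        if matches(rule, src_ip, protocol):
            return rule[0], position
    raise AssertionError("unreachable: the default last filter matches everything")

def unreachable_filters(stack):
    """1-based positions of filters shadowed by an earlier catch-all filter."""
    full = stack + [DEFAULT_LAST]
    for position, (_, src, proto) in enumerate(full, start=1):
        if src == "any" and proto == "any":
            return list(range(position + 1, len(full) + 1))
    return []

# 'Anything but' stack from the text: no web traffic, everything else forwarded.
ANYTHING_BUT = [("drop", "any", "web"), ("forward", "any", "any")]
# 'Nothing but' stack: only one network is accepted (constructed sample network).
NOTHING_BUT = [("forward", "192.0.2.0/24", "any")]
# Dropping one network, assuming 213.112.12.0 is a /24 network.
DROP_NETWORK = [("drop", "213.112.12.0/24", "any"), ("forward", "any", "any")]

if __name__ == "__main__":
    # Constructed sample packets: (stack name, stack, source IP, protocol).
    samples = [
        ("anything but", ANYTHING_BUT, "10.0.0.5", "web"),
        ("anything but", ANYTHING_BUT, "10.0.0.5", "ftp"),
        ("nothing but", NOTHING_BUT, "10.0.0.5", "ftp"),
        ("drop network", DROP_NETWORK, "213.112.12.40", "ftp"),
    ]
    for name, stack, src_ip, protocol in samples:
        action, position = evaluate(stack, src_ip, protocol)
        print(f"{name}: {src_ip} {protocol} -> {action} (filter {position})")
    print("shadowed in 'anything but':", unreachable_filters(ANYTHING_BUT))
```

A stack holding only the drop filter for 213.112.12.0 would send every other packet to the default last filter, which is why the forward-all filter has to sit in front of it.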
