Table of Contents
Advertisement
Prestige 861H User's Guide
Packet
into IP Filter
Filter Active?
Yes
Apply SrcAddrMask
to Src Addr
Check Src
IP Addr
Matched
Apply DestAddrMask
to Dest Addr
Check Dest
IP Addr
Matched
Check
IP Protocol
Matched
Check Src &
Dest Port
Matched
More?
No
Action Matched
Drop
Drop Packet
23.4.2 Generic Filter Rule
This section shows you how to configure a generic filter rule. The purpose of generic rules is to
allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP packet. You
specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in
bytes. The Prestige applies the Mask (bit-wise ANDing) to the data portion before comparing the
result against the Value to determine a match. The Mask and Value fields are specified in
hexadecimal numbers. Note that it takes two hexadecimal digits to represent a byte, so if the
length is 4, the value in either field will take 8 digits, for example, FFFFFFFF.
23-8
No
Not Matched
Not Matched
Not Matched
Not Matched
Yes
Check Next Rule
Check Next Rule
Forward
Check Next Rule
Figure 23-8 Executing an IP Filter
Action Not Matched
Drop
Forward
Accept Packet
Filter Configuration
- Quick Links:
- Rear Panel
Hide quick links:
Advertisement
Table of Contents
