3com OfficeConnect Remote 812 Manual De Usuario
Creating Filters Using Command Line Interface
6-49
Filter File Components in
CLI
You define the filtering rules used by the router within filter files. Filter files are text
files that are stored in the unit’s FLASH memory. You can create and modify filter
files using an off-line text editor, then TFTPing the finished file on to the unit.
files that are stored in the unit’s FLASH memory. You can create and modify filter
files using an off-line text editor, then TFTPing the finished file on to the unit.
To be valid, a filter file must always have the following file descriptor on the first
line: #filter
line: #filter
Be sure that no blank space precedes the descriptor, or an error will occur.
The remainder of the filter file is partitioned into protocol sections. Each protocol
section has a descriptive header and contains the filter rules for that protocol.
section has a descriptive header and contains the filter rules for that protocol.
Protocol Sections
A single filter file can contain all valid protocol sections in any order, but the
sections cannot be repeated. The following conditions will generate errors or
prevent normal filter operation:
sections cannot be repeated. The following conditions will generate errors or
prevent normal filter operation:
If you do not specify a protocol section in the filter file, no filtering will occur
and packets of that protocol type will be accepted.
and packets of that protocol type will be accepted.
If you specify a protocol section but do not define any rules, an error will occur.
The following table describes the valid protocol sections that you can define in
the filter file.
The following table describes the valid protocol sections that you can define in
the filter file.
To comment out a protocol section, you must place a pound (#) sign before the
section header and before all rules defined in the section.
section header and before all rules defined in the section.
Protocol Rules
You can define protocol rules within each protocol section in the filter file. Protocol
rules determine which packets may and may not access the network. The rule
syntax is:
rules determine which packets may and may not access the network. The rule
syntax is:
<line #> <verb> <keyword> <operator> <value>
The line # range is 1-10. This means you can combine up to 10 rules to create a
filter for a specific protocol. Additionally, line number 999 is used for the DENY
verb.
filter for a specific protocol. Additionally, line number 999 is used for the DENY
verb.
The combination of keyword, operator, and value forms the condition which
(when combined with the verb) determines whether a packet is accepted or
rejected.
(when combined with the verb) determines whether a packet is accepted or
rejected.
When a packet is filtered, the router parses each rule defined in the protocol
section sequentially according to the line number. Filtering is performed based on
section sequentially according to the line number. Filtering is performed based on
Table 6-4 Protocol Sections
Protocol Sections
Descriptions
IP
IP protocol data filter section
IP-RIP
IP RIP advertising filter section
IPX
IPX protocol data filter section
IPX-RIP
IPX RIP advertising filter section
IPX-SAP
IPX SAP advertising filter section
BR-ETH
Bridge protocol data filter