Compatible Systems 5.4 Manuale Utente
Chapter 12 - IPX Filtering
199
•
The Import button lets you import a previously exported set of filter
rules, or a text file in which you have stored filter rules. A file dialog will
pop up to ask you to locate an import file.
rules, or a text file in which you have stored filter rules. A file dialog will
pop up to ask you to locate an import file.
•
The Export button lets you export a set of filter rules to disk. A dialog
will pop up to ask you to name the export file.
will pop up to ask you to name the export file.
IPX Packet Filter Rules
To access an editor window for IPX Packet filters, open the Main IPX
Filtering Dialog Box (under Global/Filtering/IPX Filtering) and then select
the Packet Filters button.
Filtering Dialog Box (under Global/Filtering/IPX Filtering) and then select
the Packet Filters button.
Packet filtering rules are applied on a per interface basis. Whether they are
used as input filters, output filters, or both, depends on which pulldown is
used to select them in the IPX Filtering Dialog Box for a particular interface.
used as input filters, output filters, or both, depends on which pulldown is
used to select them in the IPX Filtering Dialog Box for a particular interface.
A device does not reorder rule sets as they have been specified before they are
applied. They are applied in the order they were written. When multiple filter
sets are selected with CompatiView, the filter sets will be concatenated in the
device from first to last (top to bottom on screen).
applied. They are applied in the order they were written. When multiple filter
sets are selected with CompatiView, the filter sets will be concatenated in the
device from first to last (top to bottom on screen).
Any IPX packet not explicitly allowed by the rules will not be passed through
the filter. To allow all other packets not filtered, the last rule must be:
the filter. To allow all other packets not filtered, the last rule must be:
permit
Rules that have been specified using CompatiView may be edited or exam-
ined through the command line interface, and vice-versa. When the rules are
downloaded into the device from CompatiView, they will be encrypted.
ined through the command line interface, and vice-versa. When the rules are
downloaded into the device from CompatiView, they will be encrypted.
Basic IPX Packet Filter Rules and Syntax
At a minimum, every non-comment line in a filter set must include an action.
However, an action alone will not create a useful filter rule (except for setting
a default rule as noted above).
However, an action alone will not create a useful filter rule (except for setting
a default rule as noted above).
Every line in a packet filter set must begin with the actions permit or deny,
or the comment indicator #.
or the comment indicator #.
•
Lines which begin with permit specify that a packet meeting the condi-
tions should be passed by the filter.
tions should be passed by the filter.
•
Lines which begin with deny specify that a packet meeting the condi-
tions should be dropped by the filter.
tions should be dropped by the filter.
•
Lines which begin with # specify that the text on the line is a comment
and should be ignored.
and should be ignored.