Motorola 3352N User's Manual

 
How individual filters work
 
As described above, a filter applies criteria to an IP packet and then takes one of three actions:

• Forwards the packet to the local or remote network
• Blocks (discards) the packet
• Ignores the packet

A filter forwards or blocks a packet only if it finds a match after applying its criteria. When no match occurs, the filter ignores the packet.
 
A filtering rule
 
The criteria are based on information contained in the packets. A filter is simply a rule that prescribes certain actions based on certain conditions. For example, the following rule qualifies as a filter:
 
“Block all Telnet attempts that originate from the remote host 199.211.211.17.”
 
This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match 
occurs, the packet is blocked.
Here is what this rule looks like when implemented as a filter in Netopia Embedded Software Version 7.7.4:

To understand this particular filter, look at the parts of a filter.
 
Parts of a filter
 
A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the following attributes:

• The source IP address and subnet mask (where the packet was sent from)
• The destination IP address and subnet mask (where the packet is going)
• The TOS bit setting of the packet. Certain types of IP packets, such as voice or multimedia packets, are sensitive to delays introduced by the network. A delay-sensitive packet is identified by a special low-latency setting called the TOS bit. It is important for such packets to be received rapidly or the quality of service degrades.
• The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP
 
Port numbers
 
A filter can also match a packet’s port number attributes, but only if the filter’s protocol type is set to TCP or UDP, since only those protocols use port numbers. The filter can be configured to match the following:

• The source port number (the port on the sending host that originated the packet)
• The destination port number (the port on the receiving host that the packet is destined for)
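
The match logic described in the sections above, modelled in Python as an added example (not taken from the manual and not Netopia code). It evaluates the manual's Telnet rule against four constructed packets and shows the forward/block/ignore outcome. Assumptions: the class and field names are hypothetical, all configured criteria must match together, Telnet is TCP destination port 23, the destination 192.0.2.10 is a constructed address, and the TOS criterion is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
TCP, UDP = 6, 17  # IANA protocol numbers

@dataclass
class Packet:  # constructed model of the header fields a filter inspects
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None

@dataclass
class Filter:  # hypothetical class, not the device's configuration syntax
    action: str                  # "forward" or "block", taken only on a match
    src_net: str = "0.0.0.0/0"   # source address/mask; default matches any
    dst_net: str = "0.0.0.0/0"   # destination address/mask
    proto: Optional[int] = None  # None means any protocol
    sport: Optional[int] = None
    dport: Optional[int] = None

    def __post_init__(self):
        # Only TCP and UDP carry ports, so refuse a port criterion otherwise.
        has_port = self.sport is not None or self.dport is not None
        if has_port and self.proto not in (TCP, UDP):
            raise ValueError("port criteria require protocol TCP or UDP")

    def apply(self, pkt: Packet) -> str:
        # Assumption: every configured criterion must match together.
        matched = (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
            and (self.proto is None or pkt.proto == self.proto)
            and (self.sport is None or pkt.sport == self.sport)
            and (self.dport is None or pkt.dport == self.dport)
        )
        return self.action if matched else "ignore"

# The manual's rule: block Telnet (assumed TCP port 23) from 199.211.211.17.
TELNET_BLOCK = Filter("block", "199.211.211.17/255.255.255.255", proto=TCP, dport=23)
def demo():
    lan = "192.0.2.10"  # constructed destination (documentation range)
    packets = [
        Packet("199.211.211.17", lan, TCP, 40000, 23),  # Telnet from the host
        Packet("199.211.211.17", lan, TCP, 40000, 80),  # same host, not Telnet
        Packet("199.211.211.18", lan, TCP, 40000, 23),  # Telnet, other host
        Packet("199.211.211.17", lan, UDP, 40000, 23),  # port 23 but UDP
    ]
    return [TELNET_BLOCK.apply(p) for p in packets]
```

Only the first packet is blocked; the other three fall through as "ignore", which is why a filter set needs an explicit decision for packets that no filter matches.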