Zhone 2000 ユーザーガイド
C o n f i g u r a t i o n
91
Configure IP Filtering
IP Filtering lets you specify rules for handling data packets transitioning an
interface. Based on a set of rules, packets can be passed or blocked when
entering or leaving an interface.
IP Filtering is one part of creating a Firewall to protect local networks from
undesirable access.
interface. Based on a set of rules, packets can be passed or blocked when
entering or leaving an interface.
IP Filtering is one part of creating a Firewall to protect local networks from
undesirable access.
NOTICE:
Please refer to the Applications Notes on IP Filtering found in
Appendix C for the general information and syntax needed to program
the filter.
Appendix C for the general information and syntax needed to program
the filter.
NOTICE:
Because each packet must be tested against one or more filters, IP
filtering may significantly affect IAD performance.
filtering may significantly affect IAD performance.
To use IP filtering, you must create a text file called filter.st. This file should
be created and edited external to the IAD and then downloaded via TFTP or
XMODEM. The syntax is defined under the Grammar section on page
page C-255. To configure IP Filtering, Type “F” on the Router Configuration
be created and edited external to the IAD and then downloaded via TFTP or
XMODEM. The syntax is defined under the Grammar section on page
page C-255. To configure IP Filtering, Type “F” on the Router Configuration
menu (Figure 4.51). The IAD displays the IP Filtering Configuration menu.
Figure 4.58
IP Filtering Configuration Menu
If the filter.st file is present on the IAD, IP Filtering will be enabled. The IP
Filtering Configuration Menu then lets you load and unload rule sets, print the
current list of filters, and show and clear IP Filter Statistics.
Each option on the above menu is described in detail below.
Filtering Configuration Menu then lets you load and unload rule sets, print the
current list of filters, and show and clear IP Filter Statistics.
Each option on the above menu is described in detail below.
read filter.st Type “1” to have the IAD load a new rule set from the filter.st file. Once
you have uploaded the file, the IAD will begin filtering without your having
to reboot the IAD. To upload a file to the file system, refer to File System
Menu on page 3-40.
to reboot the IAD. To upload a file to the file system, refer to File System
Menu on page 3-40.
print filters Type “2” to display a list of currently installed input and output filters