Netopia 2200 User Manual

Filter priority
 
Continuing the customs inspectors analogy, imagine the inspectors lined up to examine a package. If the package matches the first inspector’s criteria, the package is either rejected or passed on to its destination, depending on the first inspector’s particular orders. In this case, the package is never seen by the remaining inspectors.

If the package does not match the first inspector’s criteria, it goes to the second inspector, and so on. You can see that the order of the inspectors in the line is very important.

For example, let’s say the first inspector’s orders are to send along all packages that come from Rome, and the second inspector’s orders are to reject all packages that come from France. If a package arrives from Rome, the first inspector sends it along without allowing the second inspector to see it. A package from Paris is ignored by the first inspector, rejected by the second inspector, and never seen by the others. A package from London is ignored by the first two inspectors, so it’s seen by the third inspector.

In the same way, filter sets apply their filters in a particular order. The first filter applied can forward or discard a packet before that packet ever reaches any of the other filters. If the first filter can neither forward nor discard the packet (because it cannot match any criteria), the second filter has a chance to forward or reject it, and so on. Because of this hierarchical structure, each filter is said to have a priority. The first filter has the highest priority, and the last filter has the lowest priority.
 
How individual filters work
 
As described above, a filter applies criteria to an IP packet and then takes one of three actions:

• Forwards the packet to the local or remote network
• Blocks (discards) the packet
• Ignores the packet

A filter forwards or blocks a packet only if it finds a match after applying its criteria. When no match occurs, the filter ignores the packet.

[Figure: flowchart of a packet reaching the first filter. On a match, the filter either forwards the packet to the network or discards (deletes) it; on no match, the packet is sent to the next filter.]
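
The first-match behaviour described under "Filter priority" and "How individual filters work" can be modelled in a few lines. This is an added example, not code from the manual or the router: the Filter class, the function names, and the sample addresses are assumptions made for illustration, and what happens to a packet that no filter matches is left unmodelled. It goes slightly beyond the text by also reporting filters that can never be reached because a higher-priority filter already covers their criteria.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Filter:
    source: str   # source network the filter matches (CIDR); constructed criterion
    action: str   # "forward" or "discard", applied only on a match

def evaluate(filter_set, src_ip):
    """Return (action, priority) of the first matching filter; priority 1 is highest."""
    addr = ipaddress.ip_address(src_ip)
    for priority, f in enumerate(filter_set, start=1):
        if addr in ipaddress.ip_network(f.source):
            return f.action, priority      # later filters never see the packet
        # no match: this filter ignores the packet, which moves to the next filter
    return "no-match", None                # assumption: default handling not modelled

def shadowed(filter_set):
    """List (priority, earlier_priority) for filters fully covered by an earlier one."""
    hits = []
    nets = [ipaddress.ip_network(f.source) for f in filter_set]
    for i, net in enumerate(nets):
        for j in range(i):
            if net.subnet_of(nets[j]):     # every packet it matches is taken earlier
                hits.append((i + 1, j + 1))
                break
    return hits

# Constructed sample filter set (documentation address ranges from RFC 5737)
FILTER_SET = [
    Filter("192.0.2.0/24", "forward"),     # like "Rome": send along
    Filter("198.51.100.0/24", "discard"),  # like "France": reject
    Filter("192.0.2.128/25", "discard"),   # never reached: covered by filter 1
]

if __name__ == "__main__":
    for ip in ("192.0.2.200", "198.51.100.7", "203.0.113.9"):
        print(ip, evaluate(FILTER_SET, ip))
    print("shadowed (filter, covered by):", shadowed(FILTER_SET))
```

Moving the third filter to the front changes the result for 192.0.2.200 from forward to discard, which is why a filter set should be reviewed in priority order.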