Справочное Руководство для Netopia 430 s
Security
7-17
■
Destination IP address mask = 0.0.0.0
Note: To learn about IP addresses and masks, see
3.
, find the destination por t and
protocol numbers (the
local Telnet por t):
■
Proto = TCP (or 6)
■
D. Por t = 23
4.
The filter should be enabled and instructed to block the Telnet
packets containing the source address shown in step 2:
packets containing the source address shown in step 2:
■
On? = Yes
■
Fwd = No
This four-step process is how we produced the following filter from
the original rule:
the original rule:
+-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd
+--------------------------------------------------------------------+
1 199.211.211.17
0.0.0.0
TCP
23
Yes No
Filtering example #2
Suppose a filter is configured to block all incoming IP packets with
the source IP address of 200.333.14.0, regardless of the type of
connection or its destination. The filter would look like this:
the source IP address of 200.333.14.0, regardless of the type of
connection or its destination. The filter would look like this:
+-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd
+--------------------------------------------------------------------+
1 200.333.14.0
0.0.0.0
0
Yes No
This filter blocks any packets coming from the remote network with
the IP address 200.333.14.0. The 0 at the end of the address
signifies
the IP address 200.333.14.0. The 0 at the end of the address
signifies
any host on the class C IP network 200.333.14.0. If, for
example, the filter is applied to a packet with the source IP address
200.333.14.5, it will block it.
200.333.14.5, it will block it.
In this case, the mask, which does not appear in the table, must be
set to 255.255.255.0. This way, all packets with a source address
of 200.333.14.x will be matched correctly, no matter what the final
address byte is.
set to 255.255.255.0. This way, all packets with a source address
of 200.333.14.x will be matched correctly, no matter what the final
address byte is.