Zhone 2004 User Guide

Application Notes
Filtering Interface
You may apply IP Filtering to any interface that carries IP traffic. Rule sets 
can be defined for both inbound and outbound traffic through each interface. 
The block diagram below shows where IP Filtering is performed on the IAD.
Figure C-1. IAD Block Diagram With IP Filtering Shown
IP Filtering can be applied to either WAN or LAN ports; these are the only 
two that can carry IP traffic. For connections to the Internet, the WAN port is 
the best choice. All examples provided below assume the WAN port is the 
selected port. Although you may select the LAN port as well, it is not 
recommended, as this would make your network vulnerable if support 
protocols such as Telnet or TFTP are targeted. Port selection is also important 
because it establishes a point of view for defining filters. An input filter on 
the WAN port will block or pass packets entering the WAN port. An input 
filter on the LAN port will block or pass packets entering the LAN port. 
IP Filtering on a WAN port for inbound traffic is performed after NAT 
has occurred. IP Filtering on a WAN port for outbound traffic is 
performed prior to NAT.
IP Filtering rule sets are defined using the ifname for each interface. 
The ifname for a particular interface can be viewed from Current 
Configuration. In general, the ifname is an abbreviated interface name 
with the port number. For example, the Ethernet interface ifname is 
eth0. ATM PVC interface names would be atm0, atm1, atm2, etc.
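
The NAT ordering described above decides which addresses a WAN filter rule has to name. The following model is an added example, not Zhone code or IAD rule syntax: it shows that an inbound rule must match the translated LAN address and an outbound rule the private source address. The addresses, the port-forward entry, the source NAT to a single WAN address, first-match evaluation and the default block policy are all assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

WAN_IP = "203.0.113.10"                          # constructed public address
PORT_FORWARDS = {(WAN_IP, 80): "192.168.1.20"}   # hypothetical static NAT entry

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    src_net: str
    dst_net: str
    dport: int

def first_match(rules, pkt, default="block"):
    """Assumed model: first matching rule wins, unmatched packets are blocked."""
    for r in rules:
        if (ip_address(pkt.src) in ip_network(r.src_net)
                and ip_address(pkt.dst) in ip_network(r.dst_net)
                and pkt.dport == r.dport):
            return r.action
    return default

def wan_inbound(rules, pkt):
    """NAT runs first, so the input filter sees the translated destination."""
    inner = PORT_FORWARDS.get((pkt.dst, pkt.dport))
    seen = replace(pkt, dst=inner) if inner else pkt
    return first_match(rules, seen), seen

def wan_outbound(rules, pkt):
    """The output filter runs first, so it sees the private source address."""
    verdict = first_match(rules, pkt)
    on_wire = replace(pkt, src=WAN_IP) if verdict == "pass" else None
    return verdict, on_wire

# Constructed traffic and rule sets.
WEB_IN = Packet("198.51.100.7", WAN_IP, 80)
HTTPS_OUT = Packet("192.168.1.20", "198.51.100.7", 443)
IN_BY_PUBLIC = [Rule("pass", "0.0.0.0/0", "203.0.113.10/32", 80)]
IN_BY_PRIVATE = [Rule("pass", "0.0.0.0/0", "192.168.1.20/32", 80)]
OUT_BY_PRIVATE = [Rule("pass", "192.168.1.0/24", "0.0.0.0/0", 443)]
OUT_BY_PUBLIC = [Rule("pass", "203.0.113.10/32", "0.0.0.0/0", 443)]
```

In this model wan_inbound(IN_BY_PUBLIC, WEB_IN) yields a block verdict because the rule names the WAN address, which the filter never sees, while IN_BY_PRIVATE passes the same packet.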