27-2
C
HAPTER
27: P
ACKET
F
ILTERS
Data Filters - based on protocol-specific packet information
Advertisement filters - based on broadcast packet information
Generic filters - based on packet structure
Data Filters
Data filters control network access based on the protocol, source / destination
address and port designation (for example, TCP and UDP port designations) of the
packet.
The OfficeConnect Gateway supports IP-related filters only. This filter controls
network access based on the protocol and source / destination address. IP filter
rules allow filtering on source address, destination address, protocol type, source
port, and port designation of the IP packet.
Advertisement Filters
Advertisement filters operate on network protocol packets that contain varying
information such as RIP. Filtering of these packets is performed by the specific
protocol process.
IP-RIP is the advertising filter supported by the OfficeConnect Gateway. The filter
controls the content of Routing Information Protocol (RIP) packets that are sent
out or received on specific ports. The IP-RIP filtering process filters addresses from
the RIP packet upon transmission (output) filter, and does not enter routes into the
Routing Table upon receipt (input filter).
Generic Filters
Generic filters are specified by byte and offset values in a packet. Packets are
filtered by comparing the packet’s offset value and byte information with the
values that you define in the filter. The Hub accepts or rejects the packet based on
the result.
Creating generic filters can be a complex task. Only experienced users should use
generic filters, and strictly in cases where data and advertising filters cannot
provide the filtering capabilities needed.
Creating Filters
The OfficeConnect Gateway performs packet filtering based on packet filtering
rules that you create. This section describes how to create the packet filters and
includes the following topics:
Filter File Components
Creating Filter Files
Filter File Components
You define the filtering rules used within filter files. Filter files are text files that are
stored in FLASH memory. You can create and modify filter files using an off-line
text editor. You create the file using the syntax and format described here. Then,
you save the file using a .flt extension, and use TFTP to transfer the file to the
OfficeConnect Gateway
To be valid, a filter file must always have the following file descriptor on the first
line:
#filter
Be sure not to leave any blank space before the file descriptor. If you do, you’ll
cause an error to occur.
Summary of Contents for OfficeConnect 3C100XF
Page 1: ...http www 3com com OfficeConnect Gateway CLI User s Guide Release 1 0 Part No 10042302 Rev AA ...
Page 14: ...xiv ...
Page 18: ...iv ABOUT THIS GUIDE ...
Page 30: ...1 12 CHAPTER 1 USING THE COMMAND LINE INTERFACE CLI ...
Page 50: ...3 14 CHAPTER 3 ADMINISTRATIVE CLI COMMANDS ...
Page 58: ...4 8 CHAPTER 4 CONFIGURING AND MANAGING USERS ...
Page 70: ...6 8 CHAPTER 6 BRIDGING COMMANDS ...
Page 78: ...8 4 CHAPTER 8 INTERFACE COMMANDS ...
Page 82: ...9 4 CHAPTER 9 ARP COMMANDS ...
Page 88: ...11 4 CHAPTER 11 DHCP COMMANDS ...
Page 124: ...12 36 CHAPTER 12 IP ROUTING COMMANDS ...
Page 134: ...13 10 CHAPTER 13 DNS COMMANDS ...
Page 142: ...15 6 CHAPTER 15 MULTICASTING AND IGMP COMMANDS ...
Page 160: ...17 8 CHAPTER 17 PPP COMMANDS ...
Page 182: ...21 6 CHAPTER 21 ADDRESS TRANSLATION COMMANDS ...
Page 186: ...22 4 CHAPTER 22 IPSEC COMMANDS ...
Page 188: ...23 2 CHAPTER 23 SECURITY ASSOCIATION SA COMMANDS ...
Page 192: ...24 4 CHAPTER 24 TCP COMMANDS ...
Page 204: ...25 12 CHAPTER 25 SNMP COMMANDS ...
Page 210: ...26 6 CHAPTER 26 IP FILTERS COMMANDS ...
Page 238: ...29 6 CHAPTER 29 TRACEROUTE COMMANDS ...
Page 255: ...xv RFC 1483 16 3 RFC 1483 MER 16 4 ...
Page 256: ...xvi ...
Page 260: ......