Creating Filters
27-3
The remainder of the file is partitioned into protocol sections. Each protocol
section has a descriptive header and contains the filter rules for that protocol.
Protocol Sections
A single filter file can contain all valid protocol sections in any order, but the
sections cannot be repeated. The following conditions will generate errors or
prevent normal filtering:
If you do not specify a protocol section in the filter file, no filtering will occur
and packets of that protocol type will be accepted
If you specify a protocol section but do not define any rules, an error will occur
If you omit a line number, or insert a line out of sequence an error will occur
To comment out a protocol section, you must place a pound (
#
) sign before the
section header
and
before all rules defined in the section.
The following table describes the valid protocol sections that you can define in the
filter file:
Protocol Rules
You can define protocol rules within each protocol section in the filter file. Protocol
rules determine which packets may and may not access the network.
The rule syntax is:
<line #> <verb> <keyword> <operator> <value>;
The combination of keyword, operator, and value forms the condition which,
when combined with the verb, determines whether the packet is accepted or
rejected.
When a packet is filtered, for example, an IP packet, the OfficeConnect Gateway
parses each rule defined in the IP protocol section sequentially according to the
line number. Filtering is performed based on the first match that occurs. If there is
no match, the packet is accepted by default. For this reason, you should order
your protocol rules so that the rules you expect to be most frequently matched are
in the beginning of the section. This reduces the amount of parsing time that
occurs during filtering.
The following table describes each field used in the rule syntax:
Table 27-1
Protocol Section
Description
IP
IP protocol data filter section
IP-RIP
IP-RIP advertising section
LOGIN-ACCESS
Login Access filter section
Содержание OfficeConnect 3C100XF
Страница 1: ...http www 3com com OfficeConnect Gateway CLI User s Guide Release 1 0 Part No 10042302 Rev AA ...
Страница 14: ...xiv ...
Страница 18: ...iv ABOUT THIS GUIDE ...
Страница 30: ...1 12 CHAPTER 1 USING THE COMMAND LINE INTERFACE CLI ...
Страница 50: ...3 14 CHAPTER 3 ADMINISTRATIVE CLI COMMANDS ...
Страница 58: ...4 8 CHAPTER 4 CONFIGURING AND MANAGING USERS ...
Страница 70: ...6 8 CHAPTER 6 BRIDGING COMMANDS ...
Страница 78: ...8 4 CHAPTER 8 INTERFACE COMMANDS ...
Страница 82: ...9 4 CHAPTER 9 ARP COMMANDS ...
Страница 88: ...11 4 CHAPTER 11 DHCP COMMANDS ...
Страница 124: ...12 36 CHAPTER 12 IP ROUTING COMMANDS ...
Страница 134: ...13 10 CHAPTER 13 DNS COMMANDS ...
Страница 142: ...15 6 CHAPTER 15 MULTICASTING AND IGMP COMMANDS ...
Страница 160: ...17 8 CHAPTER 17 PPP COMMANDS ...
Страница 182: ...21 6 CHAPTER 21 ADDRESS TRANSLATION COMMANDS ...
Страница 186: ...22 4 CHAPTER 22 IPSEC COMMANDS ...
Страница 188: ...23 2 CHAPTER 23 SECURITY ASSOCIATION SA COMMANDS ...
Страница 192: ...24 4 CHAPTER 24 TCP COMMANDS ...
Страница 204: ...25 12 CHAPTER 25 SNMP COMMANDS ...
Страница 210: ...26 6 CHAPTER 26 IP FILTERS COMMANDS ...
Страница 238: ...29 6 CHAPTER 29 TRACEROUTE COMMANDS ...
Страница 255: ...xv RFC 1483 16 3 RFC 1483 MER 16 4 ...
Страница 256: ...xvi ...
Страница 260: ......