Creating Filters
27-5
For example, a generic filter rule might look like this:
010 ACCEPT generic => origin = data/offset = 22/length = 6/
mask = 0xFFFFFFFFFFFFF/value = 0x0800096f39c8;
Specifying the Filtering Action
You can specify the filtering action for each protocol section that determines
whether a packet is accepted or rejected, if no match occurs with any of the rules
defined in the section. To do this, enter one of the following values as the
last
rule
line of the section:
permit
deny
For example, the following entry would reject IP packets that did not match any of
the rules defined in the IP protocol section:
#filter
IP:
010 ACCEPT tcp-dst-port>=24;
020 ACCEPT src-addr = 128.100.033.001;
030 ACCEPT dst-addr = 200.135.038.009;
040 DENY;
If you do not specify a filtering action, the default filtering action is
PERMIT
.
Creating Filter Files
You can create filter files on your PC using any text editor. Once the file is created,
you’ll use the Trivial File Transfer Protocol (TFTP) to place the filter file in FLASH
memory on your OfficeConnect Gateway.
Table 27-3
Field
Description
line #
Each rule must have a unique number (1-999). You Must Arrange
Rules In Increasing Order.
verb
This field can be one of the following:
ACCEPT - allow the packet access if the condition is met
REJECT - do not allow the packet access if the condition is met
AND - logically use the AND condition with condition of the
next rule to determine if the packet is accepted or rejected.
Both defined conditions must be met.
keyword
The keywords for a generic filter is always GENERIC.
operator
The operator for a generic filter rule is always: =>
origin
Can be either FRAME or DATA
offset
Number of bytes offset from the origin.
length
Number of bytes to compare and mask.
mask
Bit mask in hexadecimal format for logical and packet content.
value
The value in hexadecimal format used to compare with the masked
packet contents
Содержание OfficeConnect 3C100XF
Страница 1: ...http www 3com com OfficeConnect Gateway CLI User s Guide Release 1 0 Part No 10042302 Rev AA ...
Страница 14: ...xiv ...
Страница 18: ...iv ABOUT THIS GUIDE ...
Страница 30: ...1 12 CHAPTER 1 USING THE COMMAND LINE INTERFACE CLI ...
Страница 50: ...3 14 CHAPTER 3 ADMINISTRATIVE CLI COMMANDS ...
Страница 58: ...4 8 CHAPTER 4 CONFIGURING AND MANAGING USERS ...
Страница 70: ...6 8 CHAPTER 6 BRIDGING COMMANDS ...
Страница 78: ...8 4 CHAPTER 8 INTERFACE COMMANDS ...
Страница 82: ...9 4 CHAPTER 9 ARP COMMANDS ...
Страница 88: ...11 4 CHAPTER 11 DHCP COMMANDS ...
Страница 124: ...12 36 CHAPTER 12 IP ROUTING COMMANDS ...
Страница 134: ...13 10 CHAPTER 13 DNS COMMANDS ...
Страница 142: ...15 6 CHAPTER 15 MULTICASTING AND IGMP COMMANDS ...
Страница 160: ...17 8 CHAPTER 17 PPP COMMANDS ...
Страница 182: ...21 6 CHAPTER 21 ADDRESS TRANSLATION COMMANDS ...
Страница 186: ...22 4 CHAPTER 22 IPSEC COMMANDS ...
Страница 188: ...23 2 CHAPTER 23 SECURITY ASSOCIATION SA COMMANDS ...
Страница 192: ...24 4 CHAPTER 24 TCP COMMANDS ...
Страница 204: ...25 12 CHAPTER 25 SNMP COMMANDS ...
Страница 210: ...26 6 CHAPTER 26 IP FILTERS COMMANDS ...
Страница 238: ...29 6 CHAPTER 29 TRACEROUTE COMMANDS ...
Страница 255: ...xv RFC 1483 16 3 RFC 1483 MER 16 4 ...
Страница 256: ...xvi ...
Страница 260: ......