27-14
C
HAPTER
27: P
ACKET
F
ILTERS
IP RIP Packet Filtering
RIP packets are used to identify all attached networks as well as the number of
router hops required to reach them. These responses are used to update a router’s
table. If the OfficeConnect Gateway is listening for or broadcasting RIP messages,
you should allow them to pass in the appropriate direction(s). You define IP RIP
filtering rules in the IP-RIP protocol section of the filter file.
For example, if you want to filter all routes except the one specified by the IP
network address 195.120.254.145, you would create the following filter rule:
#filter
IP-RIP:
010 ACCEPT network = 195.120.254.145;
030 DENY;
This filter only allows the route 195.120.254.145 into the route table. All other
routes are rejected.
Spurious RIP messages can disrupt your routing tables. If you are listening for RIP
messages on a given interface, you may wish to consider filtering out RIP updates
from untrusted networks.
ICMP Packet Filtering
Internet Control Message Protocol (ICMP) packets contain messages exchanged by
IP modules in both hosts and gateways to report errors, problems and operating
information. ICMP message types are shown below. Note that most are error
messages necessary for the correct operation of TCP/IP.
517
517
talk (terminal to terminal chat)
518
518
ntalk (new terminal chat)
-
520
RIP
540
540
uucp (UNIX to UNIX copy)
540
540
uucp-rlogin
543
543
klogin (Kerberized login)
1642
-
PortMux daemon
-
1645
RADIUS security
-
1646
RADIUS accounting
Table 27-4
TCP
UDP
Description
Table 27-5
Type
Description
0
Echo Reply (Ping)
3
Destination Unreachable
4
Source Quench
5
Redirect (change route)
8
Echo Request (Ping)
11
Time Exceeded for a Datagram
12
Parameter Problem for a Datagram
Содержание OfficeConnect 3C100XF
Страница 1: ...http www 3com com OfficeConnect Gateway CLI User s Guide Release 1 0 Part No 10042302 Rev AA ...
Страница 14: ...xiv ...
Страница 18: ...iv ABOUT THIS GUIDE ...
Страница 30: ...1 12 CHAPTER 1 USING THE COMMAND LINE INTERFACE CLI ...
Страница 50: ...3 14 CHAPTER 3 ADMINISTRATIVE CLI COMMANDS ...
Страница 58: ...4 8 CHAPTER 4 CONFIGURING AND MANAGING USERS ...
Страница 70: ...6 8 CHAPTER 6 BRIDGING COMMANDS ...
Страница 78: ...8 4 CHAPTER 8 INTERFACE COMMANDS ...
Страница 82: ...9 4 CHAPTER 9 ARP COMMANDS ...
Страница 88: ...11 4 CHAPTER 11 DHCP COMMANDS ...
Страница 124: ...12 36 CHAPTER 12 IP ROUTING COMMANDS ...
Страница 134: ...13 10 CHAPTER 13 DNS COMMANDS ...
Страница 142: ...15 6 CHAPTER 15 MULTICASTING AND IGMP COMMANDS ...
Страница 160: ...17 8 CHAPTER 17 PPP COMMANDS ...
Страница 182: ...21 6 CHAPTER 21 ADDRESS TRANSLATION COMMANDS ...
Страница 186: ...22 4 CHAPTER 22 IPSEC COMMANDS ...
Страница 188: ...23 2 CHAPTER 23 SECURITY ASSOCIATION SA COMMANDS ...
Страница 192: ...24 4 CHAPTER 24 TCP COMMANDS ...
Страница 204: ...25 12 CHAPTER 25 SNMP COMMANDS ...
Страница 210: ...26 6 CHAPTER 26 IP FILTERS COMMANDS ...
Страница 238: ...29 6 CHAPTER 29 TRACEROUTE COMMANDS ...
Страница 255: ...xv RFC 1483 16 3 RFC 1483 MER 16 4 ...
Страница 256: ...xvi ...
Страница 260: ......