Applying Filters Using CLI
6-37
■
Most importantly, the router does not know which interface an outgoing
packet came in through. If a potential intruder forges a packet with a false
source address (in order to appear as a trusted host or network), there is no
way for an output filter to tell if that packet came in through the wrong
interface. An input filter, on the other hand, can filter out packets purporting
to be from networks that are actually connected to a different interface.
VC/Remote Site Filters
You can configure filters for a specific VC / remote site profile that controls access
to the network for that location. This filter is only applied for the duration of the
remote network connection. As with interface filters, a remote site filter can be
configured to apply to input or output data traffic.
Applying Filters Using
CLI
You can apply filters to interfaces and/or users using the CLI. If you modify a file,
you need to re-assign it to make the changes take effect immediately. Otherwise
the changes will not take effect until the protocol network (IP, IPX, or bridge) that
the filter affects goes down and comes back up. This occurs when a network is
disabled, the WAN connection goes down then up, or when the OfficeConnect
Remote 812 is rebooted.
Do not apply a filter to more than one interface or VC / remote site profile. Also,
do not apply an input and an output filter to more than one Ethernet interface.
Applying a Filter to an
Interface Using CLI
To configure an input or output filter on an interface, use the following CLI
commands:
set interface <interface name> input_filter <filter name>
set interface <interface name> output_filter <filter name>
Interface name is
eth:1
for the Ethernet interface and
atm:1
for the ATM
interface. For example, to apply an input filter to the ethernet interface:
set
interface eth:1 input_filter filter.fil
When assigning the filter to the Ethernet interface, you must turn off filter access
by entering the CLI command
set interface eth:1 filter_access off.
For more information about the filter access, refer to the
Setting Filter Access
section below.
Do not apply a filter to more than one interface or VC / remote site profile. Also,
do not apply an input and an output filter to more than one Ethernet interface.
Configuring a Filter for a
VC/Remote Site Using
CLI
Do not apply a filter to more than one interface or VC/remote site profile.
To configure an input or output filter for a specific user, use the CLI commands:
set vc <vc or remote site name>input_filter <filter_name>
set vc <vc or remote site name>output_filter <filter_name>
For example, to apply an output filter to a user:
set vc corpoffice input_filter
filter.fil
Содержание OfficeConnect 3CP4144
Страница 1: ...http www 3com com OfficeConnectTM Remote 812 ADSL Router CLI User s Guide Release 1 1 ...
Страница 20: ...2 4 CHAPTER 2 CLI COMMAND CONVENTIONS AND TERMINOLOGY ...
Страница 30: ...4 8 CHAPTER 4 QUICK SETUP ...
Страница 36: ...5 6 CHAPTER 5 QUICK VC SETUP ...
Страница 76: ...6 40 CHAPTER 6 MANUAL SETUP ...
Страница 136: ...B 56 APPENDIX B CLI COMMAND DESCRIPTION ...