NEXPEED NR304G-4W User’s Manual
NexComm Systems, Inc. 63 PAGE
Configuring IP Filter
Filters inspect packets to determine whether or not to prevent them from entering or leaving your
network. When a filter is in use, the NR304G-4W examines every packet in the packet stream and
takes action if the defined filter conditions are present. The action of the NR304G-4W depends
both on the conditions specified within the filter and on how the filter is applied. When no filter
is used, the default action is to forward all packets.
A filter definition specifies the following:
1> the interface to which the filter is applied
2> whether the filter applies to inbound packets or outbound packets
3> whether to drop (reject) all packets except the ones you explicitly allow, or
forward (accept) all packets except the ones you explicitly drop
Defining IP filter conditions
An IP filter examines source addresses, destination addresses, IP protocol types
(TCP/UDP/ICMP), and ports, in any combination.
IP filters are defined separately for inbound packets and outbound packets, and
they examine packets in order of filter number, proceeding from a smaller number
to a larger number.
COMMAND
(conf)# filter in|out <num> block|pass [<proto>] [<expressions>]
Parameters
in|out : Apply the filter to inbound ('in') or outbound ('out') packets
<num> : Filter number
block|pass : Whether the packet is to be blocked or passed
<proto> : Protocol (TCP, UDP, ICMP); may be omitted
[<expressions>]
  src <address> : Source IP address; may be omitted
  dst <address> : Destination IP address; may be omitted
  <address> = A.B.C.D/M[:<lport>[-<hport>]]
    A.B.C.D : IP address
    M : Subnet mask value (the number of '1' bits)
    <lport>[-<hport>] : Low number, optionally followed by a high number;
      port number (TCP) or ID number (ICMP)
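The following is an added example, not taken from the NexComm manual: a small Python linter that parses filter commands in the syntax above, lists them per direction in the filter-number order in which the device examines them, and flags any <address> whose IP has bits set beyond the /M mask (such a rule covers the whole subnet, not just the host that was typed). Lowercase keywords, the 16-bit port bound and the sample rules are assumptions.

```python
import ipaddress
import re

# filter in|out <num> block|pass [<proto>] [src <address>] [dst <address>]
RULE_RE = re.compile(
    r"^filter\s+(?P<dir>in|out)\s+(?P<num>\d+)\s+(?P<action>block|pass)"
    r"(?:\s+(?P<proto>tcp|udp|icmp))?(?P<expr>(?:\s+(?:src|dst)\s+\S+)*)$", re.IGNORECASE)
# <address> = A.B.C.D/M[:<lport>[-<hport>]]
ADDR_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)/(\d+)(?::(\d+)(?:-(\d+))?)?$")

def parse_address(text):
    m = ADDR_RE.match(text)
    if not m:
        raise ValueError(f"bad <address>: {text!r}")
    ip, mask, lport, hport = m.groups()
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)  # rejects bad octets, M > 32
    ports = (int(lport), int(hport or lport)) if lport else None
    if ports and not ports[0] <= ports[1] <= 65535:  # 16-bit bound is an assumption
        raise ValueError(f"bad port range in {text!r}")
    return {"net": net, "ports": ports,
            "host_bits": ipaddress.ip_address(ip) != net.network_address}

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a filter command: {line!r}")
    rule = {"dir": m["dir"].lower(), "num": int(m["num"]), "action": m["action"].lower(),
            "proto": m["proto"].lower() if m["proto"] else None, "src": None, "dst": None}
    for key, value in re.findall(r"(src|dst)\s+(\S+)", m["expr"], re.IGNORECASE):
        rule[key.lower()] = parse_address(value)
    return rule

def review(lines, direction):
    """Return (rules in evaluation order, warnings) for one direction."""
    rules = sorted((r for r in map(parse_rule, lines) if r["dir"] == direction),
                   key=lambda r: r["num"])
    warnings = []
    for r in rules:
        for side in ("src", "dst"):
            if r[side] and r[side]["host_bits"]:
                warnings.append(f"{direction} {r['num']}: {side} has bits set beyond /M")
    return rules, warnings

# Constructed sample configuration (documentation addresses, not from the manual).
SAMPLE = [
    "filter in 20 block src 198.51.100.0/24",
    "filter in 10 pass tcp dst 192.0.2.77/24:8000-8080",
    "filter out 10 pass",
]
```

Calling `review(SAMPLE, "in")` returns filter 10 before filter 20 and one warning, because 192.0.2.77/24 actually covers all of 192.0.2.0/24.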