How individual filters work, A filtering rule parts of a filter port numbers – Motorola Netopia 3342N User Manual
How individual filters work
As described above, a filter applies criteria to an IP packet and then takes one of three actions:
• Forwards the packet to the local or remote network
• Blocks (discards) the packet
• Ignores the packet
A filter forwards or blocks a packet only if it finds a match after applying its criteria. When no match occurs, the filter ignores the packet.
A filtering rule
The criteria are based on information contained in the packets. A filter is simply a rule that prescribes certain actions based on certain conditions. For example, the following rule qualifies as a filter:
“Block all Telnet attempts that originate from the remote host 199.211.211.17.”
This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match occurs, the packet is blocked.
Here is what this rule looks like when implemented as a filter in Netopia Embedded Software Version 7.7.4:
To understand this particular filter, look at the parts of a filter.
Parts of a filter
A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the following attributes:
• The source IP address and subnet mask (where the packet was sent from)
• The destination IP address and subnet mask (where the packet is going)
• The TOS bit setting of the packet. Certain types of IP packets, such as voice or multimedia packets, are sensitive to delays introduced by the network. A delay-sensitive packet is identified by a special low-latency setting called the TOS bit. It is important for such packets to be received rapidly or the quality of service degrades.
• The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP
Port numbers
A filter can also match a packet’s port number attributes, but only if the filter’s protocol type is set to TCP or UDP, since only those protocols use port numbers. The filter can be configured to match the following:
• The source port number (the port on the sending host that originated the packet)
• The destination port number (the port on the receiving host that the packet is destined for)