Installing and Administering PPP

Chapter 5
Security Techniques
Building a Stanza - Specifics
The section below explains how the different features of a stanza are
written and how including them in a stanza affects the operation of the
filter. Each feature is described in a subsection that includes a general
explanation, an example, and a comment on the action caused by the
example. The comments are shown on the same line as the example and
begin with a ‘#’ character.
We recommend that readers who are unfamiliar with filtering take the
time to read this section from beginning to end. The topics and examples
build on one another, so if you skip through the examples you may see
references to keywords you do not recognize, or miss the significance of
relationships between some keywords. These topics are covered:
Numbers and addresses
Keywords
Directions of packets
Time based restrictions
ICMP messages
Logging and tracing
Numbers and Addresses
A number by itself, without an associated protocol name such as tcp or
udp, represents an IP protocol number. IP protocol numbers have a
range of 0-255 and are assigned by the Internet Assigned Numbers
Authority (IANA). The current list of IP protocols can be found in the
Assigned Numbers RFC.
Example:
!89 # block Open Shortest Path First (OSPF) Interior Gateway
# Protocol (IGP)
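The following added example (not part of the original manual or the PPP software) lints bare-number tokens so that a port number typed by mistake is caught before it is silently read as an IP protocol number. It assumes only the form shown above: an optional '!', a decimal number, and a trailing '#' comment. The function name check_bare_number and the short protocol table are illustrative.

```python
import re

# Small subset of IANA-assigned IP protocol numbers (these are not ports).
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 47: "GRE",
                50: "ESP", 51: "AH", 89: "OSPF"}

# Only the bare-number form shown on this page: optional '!', then digits.
BARE_NUMBER = re.compile(r"^(!?)(\d+)$")


def check_bare_number(line):
    """Check one filter token such as '!89 # comment'.

    Returns (status, detail); status is 'ok', 'error', or 'skip'
    ('skip' means the token is not a bare number, so it is out of scope).
    Hypothetical helper, not an interface of the PPP filter itself.
    """
    token = line.split("#", 1)[0].strip()   # drop the trailing '#' comment
    m = BARE_NUMBER.match(token)
    if not m:
        return ("skip", "not a bare number; outside this check")
    negated, number = m.group(1) == "!", int(m.group(2))
    if number > 255:
        return ("error", f"{number} is outside the IP protocol range 0-255; "
                         "a bare number is never read as a port")
    name = IP_PROTOCOLS.get(number, "not in this script's short table")
    suffix = ", negated with '!'" if negated else ""
    return ("ok", f"IP protocol {number} ({name}){suffix}")


# Constructed sample tokens; only the first mirrors the manual's example.
SAMPLES = [
    "!89   # block OSPF",
    "!8080 # meant as a port, but a bare number is a protocol number",
    "!23   # telnet is TCP port 23; IP protocol 23 is not telnet",
    "tcp   # keyword, not a bare number",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:70} -> {check_bare_number(s)}")
```
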