User manual
Chapter 4 - Layer 3 Command Set - IP Networking Ipfw Command (IP Firewall)
Alvarion BreezeNET B130/B300 GigE Operational User Manual
4.9 Ipfw Command (IP Firewall)
4.9.1 General Description
IP Firewall is a mechanism for filtering packets crossing an IP network node
according to different criteria. The system administrator may define a set of
incoming filters (add) and a set of outgoing filters (addout). The incoming filters
determine which packets may be accepted by the node. The outgoing filters determine
which packets may be forwarded by the node as a result of routing.
Each filter describes a class of packets and defines how these packets should be
processed (reject and log, accept, accept and log).
Packets can be filtered based on the following criteria:
- Protocol (IP, TCP, UDP, ICMP, ARP);
- Source address and/or destination address (and port numbers for TCP and UDP);
- The network interface it arrived on;
- Whether the packet is a TCP/IP connection request (a packet attempting to initiate a TCP/IP session) or not;
- Whether the packet is a head, tail or intermediate IP fragment;
- Whether the packet has certain IP options defined or not;
- The MAC address of the destination station or of the source station.
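The following Python model is an added illustration, not part of the manual and not the device's ipfw syntax. It evaluates an incoming and an outgoing filter set with the three actions described above. All class, function and variable names are hypothetical, and three behaviours are assumptions: the first matching filter decides, unmatched packets are accepted, and every packet meets the incoming set before routed packets meet the outgoing set.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:  # constructed packet summary, not a wire format
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    syn: bool = False  # True for a TCP connection request

@dataclass
class Filter:  # None and 0.0.0.0/0 act as wildcards
    action: str  # "reject and log", "accept" or "accept and log"
    proto: Optional[str] = None
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    syn: Optional[bool] = None
    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.syn is None or self.syn == p.syn))

def evaluate(filters, p, log):
    # Assumption: first matching filter decides; unmatched packets are accepted.
    for f in filters:
        if f.matches(p):
            if f.action.endswith("log"):
                log.append((f.action, p.src, p.dst, p.dport))
            return f.action.startswith("accept")
    return True

def process(incoming, outgoing, p, local_addrs, log):
    # Assumption: all packets meet the incoming set; only routed ones meet the outgoing set.
    if not evaluate(incoming, p, log):
        return "rejected (incoming)"
    if p.dst in local_addrs:
        return "delivered locally"
    return "forwarded" if evaluate(outgoing, p, log) else "rejected (outgoing)"

# Constructed rule sets: management SSH only from 10.0.0.0/24, no new sessions into 10.0.1.0/24.
LOCAL = {"10.0.0.1"}
INCOMING = [Filter("accept and log", "tcp", src="10.0.0.0/24", dst="10.0.0.1/32", dport=22),
            Filter("reject and log", "tcp", dst="10.0.0.1/32", dport=22)]
OUTGOING = [Filter("reject and log", "tcp", dst="10.0.1.0/24", syn=True)]
```

Because the outgoing filter matches only connection requests, later segments of sessions opened from inside 10.0.1.0/24 are still forwarded, while new sessions initiated toward that subnet are rejected and logged.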
The figure below illustrates how packets are processed by the filtering mechanism
of the device.