Manualshelf

User manual

ManualsBrandsAlvarion ManualsNetworkingBreezeNET B300 GigE
181182183184185186187188189190
Chapter 4 - Layer 3 Command Set - IP Networking Ipfw Command (IP Firewall)
Alvarion BreezeNET B130/B300 GigE 175 Operational User Manual
The algorithm of applying any specific filter to a packet is as follows:
1 If the value in the proto field of the filter is not all, and the packet's protocol is
different from that specified in the filter, then the filter is skipped (not applied)
for this packet.
2 If the source address in the packet differs from that specified in the filter, then
the filter is skipped (if the source address is specified in the filter with a mask,
then the mask is applied to both addresses before comparing them).
3 If the destination address in the packet differs from that specified in the filter,
then the filter is skipped (a mask, if any, is applied similarly to the previous
step).
4 If the ip_fragment modifier is specified in the filter, but the packet is not an IP
fragment, then the filter is skipped.
5 If the ip_tail_fragment modifier is specified, but the packet is either the first
or the only fragment, then the filter is skipped.
6 If the ip_head_fragment modifier is specified, but the packet is not the first
fragment of a fragmented IP packet, then the filter is skipped.
7 If the tcp_connection modifier is specified, but the packet is not the first or
the only fragment of a TCP connection establishment TCP/IP packet, then the
filter is skipped.
8 If the ip_option modifier is specified, but the packet has no options (with
possible exception for NO-OP or EOL options), then the filter is skipped.
9 If the ip_recroute_option modifier is specified, but the packet has no related
options, then the filter is skipped.
10 If the ip_misc_option modifier is specified, but the packet has no IP options
(with possible exception for record-route, timestamp, NO-OP or EOL options),
then the filter is skipped.
11 If the value in the proto field of the filter is udp or tcp, and the source address
in the filter contains a port list, then, if the packet is neither the first nor the
only fragment, or if the source port in the packet does not match any port
specified in the filter, then the filter is skipped.
12 If the value in the proto field of the filter is udp or tcp, and the destination
address in the filter contains a port list, then, if the packet is neither the first
nor the only fragment, or if the destination port in the packet does not match
any port specified in the filter, then the filter is skipped.