User's Manual
Table Of Contents
- CHAPTER 1 Introduction
- CHAPTER 2 Device Configuration
- Important Safety Instructions
- Motorola® Gateway Status Indicator Lights
- Battery Installation (optional)
- Battery Door Installation Instructions
- Battery Door Removal Instructions
- Cradle Installation Instructions
- Set up the Motorola Gateway
- Accessing the Web Management Interface
- Device Status page
- Tab Bar
- Help
- Links Bar
- Broadband
- Home Network
- Voice
- Firewall
- Diagnostics
- CHAPTER 3 Basic Troubleshooting
- CHAPTER 4 Command Line Interface
- Overview
- Starting and Ending a CLI Session
- Using the CLI Help Facility
- About SHELL Commands
- SHELL Commands
- About CONFIG Commands
- CONFIG Commands
- Connection commands
- Filterset commands
- Queue commands
- IP Gateway commands
- IPv6 Commands
- IP DNS commands
- IP IGMP commands
- NTP commands
- Application Layer Gateway (ALG) commands
- Dynamic DNS Commands
- Link commands
- Management commands
- Remote access commands
- Physical interfaces commands
- PPPoE relay commands
- NAT Pinhole commands
- Security Stateful Packet Inspection (SPI) commands
- VoIP commands
- System commands
- Debug Commands
- CHAPTER 5 Technical Specifications and Safety Information
- Appendix A Motorola® Gateway Captive Portal Implementation
- Appendix B Quality of Service (QoS) Examples
- Index
Administrator’s Handbook
Parts of a filter
A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the following attributes:
◆ The source IP address (where the packet was sent from)
◆ The destination IP address (where the packet is going)
◆ The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP
Other filter attributes
There are three other attributes to each filter:
◆ The filter’s order (i.e., priority) in the filterset
◆ Whether the filter is currently active
◆ Whether the filter is set to forward packets or to block (discard) packets
Design guidelines
Careful thought must go into designing a new filterset. You should consider the following guidelines:
◆ Be sure the filterset’s overall purpose is clear from the beginning. A vague purpose can lead to a faulty set, and
that can actually make your network less secure.
◆ Be sure each individual filter’s purpose is clear.
◆ Determine how filter priority will affect the set’s actions. Test the set (on paper) by determining how the filters
would respond to a number of different hypothetical packets.
◆ Consider the combined effect of the filters. If every filter in a set fails to match on a particular packet, the
packet is:
• Forwarded if all the filters are configured to discard (not forward)
• Discarded if all the filters are configured to forward
• Discarded if the set contains a combination of forward and discard filters
An approach to using filters
The ultimate goal of network security is to prevent unauthorized access to the network without compromising
authorized access. Using filtersets is part of reaching that goal.
Each filterset you design will be based on one of the following approaches:
◆ That which is not expressly prohibited is permitted.
◆ That which is not expressly permitted is prohibited.
It is strongly recommended that you take the latter, and safer, approach to all of your filterset designs.
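An added example, not from the Motorola handbook: a small Python model for testing a filterset "on paper" as the design guidelines suggest, covering both the combined-effect rule for unmatched packets and the two approaches above. It assumes first-match evaluation with the lowest order checked first, that every criterion a filter specifies must match, and that inactive filters are ignored; the field names and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Filter:                      # field names are hypothetical, not the gateway's
    order: int                     # priority; lower is checked first (assumption)
    forward: bool                  # True = forward on match, False = block (discard)
    src: Optional[str] = None      # source CIDR, None = any
    dst: Optional[str] = None      # destination CIDR, None = any
    proto: Optional[str] = None    # "tcp", "udp", ...; None = any
    active: bool = True

    def matches(self, pkt):
        # Assumption: every criterion the filter specifies must match.
        return ((self.src is None or ip_address(pkt["src"]) in ip_network(self.src))
                and (self.dst is None or ip_address(pkt["dst"]) in ip_network(self.dst))
                and (self.proto is None or pkt["proto"] == self.proto))

def default_action(filters):
    # The handbook's rule for a packet that no filter matches: forwarded only
    # if all filters discard; discarded if all forward or the set is mixed.
    active = [f for f in filters if f.active]   # assumption: inactive ones ignored
    return "forward" if all(not f.forward for f in active) else "discard"

def evaluate(filters, pkt):
    for f in sorted((f for f in filters if f.active), key=lambda f: f.order):
        if f.matches(pkt):                       # first match decides (assumption)
            return "forward" if f.forward else "discard"
    return default_action(filters)

# Constructed filtersets using documentation address ranges.
DENY_LIST = [Filter(1, False, src="203.0.113.0/24"),
             Filter(2, False, dst="192.0.2.10/32", proto="udp")]
ALLOW_LIST = [Filter(1, True, dst="192.0.2.10/32", proto="tcp"),
              Filter(2, True, src="198.51.100.0/24")]
MIXED = [Filter(1, False, src="198.51.100.66/32"),   # block one host first...
         Filter(2, True, src="198.51.100.0/24")]     # ...then allow its subnet
SWAPPED = [Filter(2, False, src="198.51.100.66/32"),
           Filter(1, True, src="198.51.100.0/24")]   # same filters, priority reversed

STRAY = {"src": "192.0.2.77", "dst": "192.0.2.200", "proto": "icmp"}   # matches nothing
HOST66 = {"src": "198.51.100.66", "dst": "192.0.2.10", "proto": "tcp"}

if __name__ == "__main__":
    for name, fs in [("deny-list", DENY_LIST), ("allow-list", ALLOW_LIST),
                     ("mixed", MIXED), ("swapped", SWAPPED)]:
        print(f"{name:10} stray={evaluate(fs, STRAY):8} host66={evaluate(fs, HOST66)}")
```

The stray packet is forwarded only by the all-discard set, and reversing the priority of the two mixed filters lets the blocked host through, which is the kind of interaction the paper test is meant to surface.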