Network Router User Manual

Security 8-69
Src. Port: The source port to match. This is the port on the sending host that originated the packet.
D. Port: The destination port to match. This is the port on the receiving host for which the packet is intended.
On?: Displays Yes when the filter is in effect or No when it is not.
Fwd: Shows whether the filter forwards (Yes) a packet or discards (No) it when there’s a match.
Filtering example #1
Returning to our filtering rule example from above (see page 8-67), look at how a rule is translated into an IP
filter. Start with the rule, then fill in the filter’s attributes:
1. The rule you want to implement as a filter is:
Block all Telnet attempts that originate from the remote host 199.211.211.17.
2. The host 199.211.211.17 is the source of the Telnet packets you want to block, while the destination
address is any IP address.
The Source IP Address Mask and Destination IP Address Mask fields indicate which bits of the corresponding
address the filter compares: a 1 bit in the mask means that bit of the packet's address must equal the bit in
the filter's address, and a 0 bit means that bit is ignored.
The masks determine what finally matches, even though they are not shown in the table that displays the filter
sets (you set them when you create the filter). Because the mask for the destination IP address is 0.0.0.0, no
destination bits are compared at all, so the value entered for Dest IP Addr could have been anything. The mask
for Source IP Addr must be 255.255.255.255, since every bit must agree to get an exact match on the single host.
Source IP Addr = 199.211.211.17
Source IP address mask = 255.255.255.255
Dest IP Addr = 0.0.0.0
Destination IP address mask = 0.0.0.0
3. Using the tables on page 8-67, find the destination port and protocol numbers (the Telnet port):
Proto = TCP (or 6)
D. Port = 23
4. The filter should be enabled and instructed to block the Telnet packets containing the source address
shown in step 2:
On? = Yes
Fwd = No
This four-step process is how we produced the following filter from the original rule:
+-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+
+----------------------------------------------------------------------+
| 1   199.211.211.17   0.0.0.0          TCP   --       23      Yes No  |
|                                                                      |
+----------------------------------------------------------------------+
Check the Proto and D. Port columns against the rule before you rely on the filter. A row with the same source
address but Proto = ANY and no destination port matches every packet from 199.211.211.17, so it would discard
all of that host's traffic, not just Telnet. Note also that this filter matches only on the source address the
packet carries, and only on destination port 23; Telnet run on another port is not covered by it.
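As an added worked example (not part of the manual, and not the router's own implementation), the following Python model shows how a filter row is matched against a packet using the masks described above. The filter objects, packet samples and the `forwards` function are constructed for illustration; in particular, the assumption that the first matching enabled filter decides and that an unmatched packet is forwarded is the example's own, not a statement about this router. It goes beyond the text in one respect: the third filter uses a 255.255.255.0 source mask to show how one row extends the same rule to a whole /24 network.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional

# IP protocol numbers as used in the Proto column (IANA assigned numbers).
TCP = 6
UDP = 17
ANY = None   # Proto = ANY, or a port column showing "--"


@dataclass(frozen=True)
class Filter:
    """One row of the filter table plus the masks the table does not display."""
    src_addr: str
    src_mask: str
    dst_addr: str
    dst_mask: str
    proto: Optional[int] = ANY
    src_port: Optional[int] = ANY
    dst_port: Optional[int] = ANY
    enabled: bool = True      # On?
    forward: bool = False     # Fwd: False discards a matching packet


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    src_port: int
    dst_port: int


def addr_matches(addr: str, rule_addr: str, mask: str) -> bool:
    """A mask bit of 1 means that address bit must agree; 0 means it is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(rule_addr))
    m = int(ipaddress.IPv4Address(mask))
    return (a & m) == (r & m)


def matches(f: Filter, p: Packet) -> bool:
    """True when the filter is enabled and every one of its fields agrees with the packet."""
    if not f.enabled:
        return False
    if not addr_matches(p.src, f.src_addr, f.src_mask):
        return False
    if not addr_matches(p.dst, f.dst_addr, f.dst_mask):
        return False
    if f.proto is not ANY and f.proto != p.proto:
        return False
    if f.src_port is not ANY and f.src_port != p.src_port:
        return False
    if f.dst_port is not ANY and f.dst_port != p.dst_port:
        return False
    return True


def forwards(filters: Iterable[Filter], p: Packet, default_forward: bool = True) -> bool:
    """Assumed semantics (not from the manual): the first enabled filter that matches
    decides; a packet no filter matches gets the default, assumed here to be forward."""
    for f in filters:
        if matches(f, p):
            return f.forward
    return default_forward


# Filter built from the four steps in the text: TCP/23 from 199.211.211.17, discard.
TELNET_BLOCK = Filter("199.211.211.17", "255.255.255.255", "0.0.0.0", "0.0.0.0",
                      proto=TCP, dst_port=23, enabled=True, forward=False)

# Same row with Proto = ANY and no destination port: matches every packet
# from the host, so it discards far more than Telnet.
HOST_BLOCK = Filter("199.211.211.17", "255.255.255.255", "0.0.0.0", "0.0.0.0",
                    proto=ANY, dst_port=ANY, enabled=True, forward=False)

# Beyond the text: a 24-bit source mask applies the rule to all of 199.211.211.0/24.
SUBNET_TELNET_BLOCK = Filter("199.211.211.0", "255.255.255.0", "0.0.0.0", "0.0.0.0",
                             proto=TCP, dst_port=23, enabled=True, forward=False)

# Constructed sample packets (not captures).
TELNET_FROM_HOST = Packet("199.211.211.17", "10.0.0.5", TCP, 40000, 23)
TELNET_FROM_OTHER = Packet("199.211.211.18", "10.0.0.5", TCP, 40000, 23)
HTTP_FROM_HOST = Packet("199.211.211.17", "10.0.0.5", TCP, 40001, 80)
DNS_FROM_SUBNET = Packet("199.211.211.99", "10.0.0.5", UDP, 40002, 53)
TELNET_FROM_SUBNET = Packet("199.211.211.99", "10.0.0.5", TCP, 40003, 23)


if __name__ == "__main__":
    for name, pkt in [("Telnet from 199.211.211.17", TELNET_FROM_HOST),
                      ("Telnet from 199.211.211.18", TELNET_FROM_OTHER),
                      ("HTTP from 199.211.211.17", HTTP_FROM_HOST)]:
        verdict = lambda fs: "forward" if forwards(fs, pkt) else "discard"
        print(f"{name}: TCP/23 rule -> {verdict([TELNET_BLOCK])}, "
              f"Proto ANY rule -> {verdict([HOST_BLOCK])}")
```

Running the block prints the verdict of both rules for each sample packet; the Proto = ANY row discards the HTTP packet as well, which is the over-blocking the check above warns about.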