Page 122 Configuring WAN Connections 90030500B
Examples of filters that perform common functions
Building a firewall with passpacket filters
Filters can be defined to selectively pass or block IP packets based on:
•
Inbound or outbound packet IP address
•
Source or destination IP address
•
TCP/UDP port
•
Protocol
You can configure
passpacket
filters using any or all of these criteria to build a secu-
rity firewall between the Internet and a local network.
For example, if your WWW server has an IP address of 199.86.8.33, configure a filter
similar to that shown below and call it
filter 1
:
s1= 199.86.8.33 //Match if IP source or destination address is
199.86.8.33
You can then enter a command similar to the following:
set user name=webconnection network PassPacket=filter1
This will pass packets that match the WWW server’s IP address and block all others.
A filter that will block all except specific ftp packets
The following filter blocks all incoming
ftp
packets except those to host
199.86.8.22
and allows other packets. You must define
ftp
in the Service Table, using the
set
service
command:
s1=ftp/syn/recv/dst/199.86.8.22//allow incoming ftp with dest
addr of 199.86.8.22
s2=!ftp/syn/recv //allow all other packets except
incoming ftp
A filter that will bring up a connection when it detects IP packets
The following filter brings up a connection when it detects telnet or rlogin IP packets:
s1=telnet
s2=rlogin
To Next Page
Loading...
Need help?
General