How filters work – Lucent Technologies PortMaster User Manual

Page 146


Overview of PortMaster Filtering

9-4

PortMaster Configuration Guide

A maximum of 256 filter rules per filter is allowed for the PortMaster 3 and IRX. For
other PortMaster products, the maximum number of filter rules allowed is 100. The
PortMaster generates an error message when the number of filter rules exceeds the
limit.

How Filters Work

IP and IPX packet filters are attached to users, locations, Ethernet interfaces, or network
hardwired ports as either input or output filters. SAP filters are attached as output filters
only. The Ethernet interface filter is enabled as soon as the name of the input or output
filter is set.

Input and output are defined relative to the PortMaster interface. As shown in
Figure 9-1, an input filter is used on packets entering the PortMaster and an output
filter is used on packets exiting the PortMaster.

Figure 9-1. Input and Output Filters

All packets entering a PortMaster through an interface with an input filter are evaluated
against the rules in the filter. As soon as a packet matches a rule, the action specified by
that rule is taken. If no rules match the specific packet, the packet is denied and is
discarded. Whenever an IP packet is discarded, the PortMaster generates an “ICMP Host
Unreachable” message back to the originator.

For interfaces with output filters attached, all packets exiting the interface are evaluated
against the filter rules and only those packets permitted by the filter are allowed to exit
the interface.
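The following added example, which is not part of the PortMaster documentation, models the evaluation order described above: rules are checked in sequence, the first match decides the action, and a packet that matches no rule is denied with an ICMP Host Unreachable reply. The `Rule` class, its field names, and the sample addresses are assumptions made for illustration and do not represent PortMaster filter syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Rule limits stated in this guide; any other product is limited to 100.
RULE_LIMITS = {"PortMaster 3": 256, "IRX": 256}

@dataclass(frozen=True)
class Rule:                       # hypothetical rule model, not PortMaster syntax
    action: str                   # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt.get("dport")))

def evaluate(rules, pkt, product="PortMaster 3"):
    """Return (action, matching rule number or None, ICMP reply or None)."""
    limit = RULE_LIMITS.get(product, 100)
    if len(rules) > limit:
        raise ValueError(f"{len(rules)} rules exceeds the limit of {limit}")
    for number, rule in enumerate(rules, start=1):
        if rule.matches(pkt):     # first match wins; later rules are never consulted
            icmp = "host-unreachable" if rule.action == "deny" else None
            return rule.action, number, icmp
    return "deny", None, "host-unreachable"   # no rule matched: implicit deny

# Constructed sample filter and packets (RFC 5737 documentation addresses).
FILTER = [
    Rule("permit", dst="192.0.2.10/32", proto="tcp", dport=25),
    Rule("deny", src="198.51.100.0/24"),
    Rule("permit", dst="192.0.2.0/24", proto="tcp", dport=80),
]
PACKETS = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 25},
    {"src": "198.51.100.7", "dst": "192.0.2.20", "proto": "tcp", "dport": 80},
    {"src": "203.0.113.5", "dst": "192.0.2.20", "proto": "tcp", "dport": 80},
    {"src": "203.0.113.5", "dst": "192.0.2.20", "proto": "udp", "dport": 53},
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", evaluate(FILTER, pkt))
```

Because the first match wins, moving the broad deny rule ahead of the mail permit rule would silently block the first sample packet, so rule order should be reviewed whenever a filter is changed.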

[Figure 9-1 diagram labels: a PortMaster with an Ethernet interface and a serial interface, each with an input filter and an output filter. Input filters apply to packets in from network users and packets in from the branch office; output filters apply to packets out to network users and packets out to the branch office.]
