Creating IP Filters, Filtering ICMP Packets – Lucent Technologies PortMaster User Manual

Creating Filters

PortMaster Configuration Guide

Creating IP Filters

You can create a rule that filters IP packets according to their source and destination IP
addresses. For more information on the command syntax for creating filters, see the
PortMaster Command Line Reference.

To create an IP filter rule that filters by address, use the following command—entered
on one line:

Command> set filter Filtername RuleNumber permit|deny [Ipaddress/NM
Ipaddress(dest)/NM] [protocol Number] [log] [notify]

You can replace protocol Number with one of the following keywords:

esp—matches packets using the Encapsulating Security Payload (ESP) protocol. See
RFC 1827 for more information on this protocol.

ah—matches packets using the Authentication Header (AH) protocol. See RFC 1826 for
more information on this protocol.

ipip—matches packets using the IP Encapsulation within IP (IPIP) protocol. See
RFC 2003 for more information on this protocol.

If you are using ChoiceNet, you can also replace either the source or destination IP
address with the value =ListName, which specifies a list of sites in the
/etc/choicenet/lists directory on the ChoiceNet server. The equal sign (=) must
immediately precede the list name.

Filtering ICMP Packets

Internet Control Message Protocol (ICMP) packets—commonly known as ping
packets—report errors and provide other information about IP packet processing. You
can filter ICMP packets by source and destination IP address, or by ICMP packet type.
Packet types are identified in RFC 1700.

To create an ICMP filter rule, use the following command—entered on one line:

Command> set filter Filtername RuleNumber permit|deny [Ipaddress/NM
Ipaddress(dest)/NM] icmp [type Itype] [log]
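
The following Python parser is an added example, not part of the PortMaster documentation or software. It turns rule lines written in the two command syntaxes above into structured records so a filter configuration can be reviewed offline. It assumes /NM is a prefix length in bits and that Itype is a decimal number; the filter name internet.in and the addresses are constructed.

```python
import ipaddress
import re

# IANA protocol numbers for the keywords named on this page, plus icmp.
PROTO_KEYWORDS = {"esp": 50, "ah": 51, "ipip": 4, "icmp": 1}
RULE_RE = re.compile(r"^(?:Command>\s*)?set filter (\S+) (\d+) (permit|deny)\b(.*)$")

def parse_address(tok):
    """Return an IP network, or a ChoiceNet '=ListName' reference unchanged."""
    if re.fullmatch(r"=\S+", tok):   # '=' must immediately precede the name
        return tok
    # Assumption: /NM is a prefix length in bits, e.g. 192.0.2.0/24.
    return ipaddress.ip_network(tok, strict=False)   # ValueError if malformed

def parse_rule(line):
    """Parse one 'set filter' line into a dict; raise ValueError if malformed."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("not a 'set filter' rule: %r" % line)
    name, number, action, rest = m.groups()
    toks = rest.split()
    rule = {"filter": name, "rule": int(number), "action": action,
            "src": None, "dst": None, "protocol": None, "icmp_type": None,
            "log": False, "notify": False}
    # Source and destination appear together or not at all.
    if toks and (toks[0].startswith("=") or toks[0][0].isdigit()):
        if len(toks) < 2:
            raise ValueError("source address given without a destination")
        rule["src"], rule["dst"] = parse_address(toks.pop(0)), parse_address(toks.pop(0))
    while toks:
        tok = toks.pop(0)
        if tok in PROTO_KEYWORDS:
            rule["protocol"] = PROTO_KEYWORDS[tok]
        elif tok == "protocol" and toks and toks[0].isdigit():
            rule["protocol"] = int(toks.pop(0))
        elif tok == "type" and rule["protocol"] == 1 and toks and toks[0].isdigit():
            rule["icmp_type"] = int(toks.pop(0))   # only valid after 'icmp'
        elif tok in ("log", "notify"):
            rule[tok] = True
        else:
            raise ValueError("unexpected token %r" % tok)
    return rule

# Constructed sample rule: deny and log ICMP type 8 (echo request) to 192.0.2.0/24.
SAMPLE = "Command> set filter internet.in 1 deny 0.0.0.0/0 192.0.2.0/24 icmp type 8 log"
```
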
