Example filters, Simple filter – Lucent Technologies PortMaster User Manual

Configuring Filters

9-9

Example Filters

Because filters are very flexible, you must carefully evaluate the types of traffic that a
specific filter permits or denies through an interface before attaching the filter. If
possible, a filter should be tested from both sides of the filtering interface to verify that
the filter is operating as you intended. Using the log keyword to log packets that match
a rule to the loghost is useful when you are testing and refining IP filters.

Some of the following examples use the 192.168.1.0 network as the public network.
You should substitute the number of your network or subnetwork if you use these
examples.

Note – Any packet that is not explicitly permitted by a filter is denied, except for the
special case of a filter with no rules, which permits everything.

Simple Filter

A simple filter can consist of the following rules:

Command> set filter simple 1 permit udp dst eq 53
Command> set filter simple 2 permit tcp dst eq 25
Command> set filter simple 3 permit icmp
Command> set filter simple 4 permit 0.0.0.0/0 192.168.1.3/32 tcp dst eq 21
Command> set filter simple 5 permit tcp src eq 20 dst gt 1023

Table 9-2 describes, line by line, each rule in the filter.

Table 9-2 Description of Simple Filter

Rule  Description
1.    Permits Domain Name Service (DNS) UDP packets from any host to any host.
2.    Permits SMTP (mail) packets.
3.    Permits ICMP packets.
4.    Permits FTP from any host, but only to the host 192.168.1.3.
5.    Permits FTP data to return to the requesting host. This rule is required
      to provide a reverse channel for the data portion of FTP.
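The manual advises evaluating what a filter permits before attaching it. The following Python script is an added example, not part of the PortMaster manual or software: it parses the five rules of the simple filter above (in the subset of the set filter syntax shown on this page) and evaluates constructed sample packets against them, applying the Note's semantics (implicit deny, empty filter permits everything). It assumes rules are checked in number order with the first match deciding, and that an omitted address/mask pair means any host, as the description of rule 1 states. Running it shows, for instance, that rule 5 accepts any TCP packet with source port 20 and a destination port above 1023, not only FTP data connections.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed copy of the five rules from the "Simple Filter" example above.
SIMPLE_FILTER = [
    "set filter simple 1 permit udp dst eq 53",
    "set filter simple 2 permit tcp dst eq 25",
    "set filter simple 3 permit icmp",
    "set filter simple 4 permit 0.0.0.0/0 192.168.1.3/32 tcp dst eq 21",
    "set filter simple 5 permit tcp src eq 20 dst gt 1023",
]

ANY_NET = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Rule:
    number: int
    action: str                          # "permit" or "deny"
    src: ipaddress.IPv4Network           # omitted address/mask means any host
    dst: ipaddress.IPv4Network
    proto: Optional[str]                 # None means any protocol
    src_port: Optional[Tuple[str, int]]  # ("eq" | "gt", port) or None
    dst_port: Optional[Tuple[str, int]]


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    sport: Optional[int] = None          # None for ICMP (no ports)
    dport: Optional[int] = None


def parse_rule(line: str) -> Rule:
    """Parse one 'set filter NAME NUM permit|deny ...' line (subset of the page's syntax)."""
    tok = line.split()
    if tok[:2] != ["set", "filter"] or tok[4] not in ("permit", "deny"):
        raise ValueError("unsupported rule: " + line)
    number, action, rest = int(tok[3]), tok[4], tok[5:]
    src = dst = ANY_NET
    # Address/mask pairs are optional; when present, source and destination both appear.
    if rest and "/" in rest[0]:
        src = ipaddress.ip_network(rest[0], strict=False)
        dst = ipaddress.ip_network(rest[1], strict=False)
        rest = rest[2:]
    proto = None
    if rest and rest[0] in ("tcp", "udp", "icmp"):
        proto, rest = rest[0], rest[1:]
    ports = {"src": None, "dst": None}
    while rest:                          # remaining clauses: src|dst eq|gt PORT
        side, op, port = rest[0], rest[1], int(rest[2])
        if side not in ports or op not in ("eq", "gt"):
            raise ValueError("unsupported port clause: " + line)
        ports[side] = (op, port)
        rest = rest[3:]
    return Rule(number, action, src, dst, proto, ports["src"], ports["dst"])


def port_matches(clause: Optional[Tuple[str, int]], port: Optional[int]) -> bool:
    if clause is None:
        return True                      # rule does not test this port
    if port is None:
        return False                     # rule tests a port the packet lacks (ICMP)
    op, value = clause
    return port == value if op == "eq" else port > value


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst
            and (rule.proto is None or rule.proto == pkt.proto)
            and port_matches(rule.src_port, pkt.sport)
            and port_matches(rule.dst_port, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, rule number). First match in rule order wins (assumption);
    no match is an implicit deny, except that an empty filter permits everything."""
    if not rules:
        return ("permit", None)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, pkt):
            return (rule.action, rule.number)
    return ("deny", None)


SIMPLE_RULES = [parse_rule(line) for line in SIMPLE_FILTER]

# Constructed packets: one per rule, plus traffic the filter should drop.
SAMPLE_PACKETS = {
    "dns_query":      Packet("10.0.0.5", "192.168.1.1", "udp", 40000, 53),
    "smtp":           Packet("10.0.0.5", "192.168.1.2", "tcp", 50000, 25),
    "ping":           Packet("10.0.0.5", "192.168.1.2", "icmp"),
    "ftp_to_1_3":     Packet("10.0.0.5", "192.168.1.3", "tcp", 50000, 21),
    "ftp_to_1_4":     Packet("10.0.0.5", "192.168.1.4", "tcp", 50000, 21),
    "ftp_data":       Packet("10.0.0.5", "192.168.1.9", "tcp", 20, 1025),
    "telnet":         Packet("10.0.0.5", "192.168.1.9", "tcp", 50000, 23),
    "sport20_to_8080": Packet("10.0.0.5", "192.168.1.9", "tcp", 20, 8080),
}

if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        print(f"{name:16} -> {evaluate(SIMPLE_RULES, pkt)}")
```

The last sample packet is the check worth keeping around: because rule 5 matches on ports only, a TCP packet from any host with source port 20 to any destination port above 1023 is permitted whether or not an FTP control session exists, which is the kind of consequence the manual asks you to evaluate before attaching the filter.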