Lucent Technologies PortMaster User Manual, page 154: Rule to Permit DNS into Your Local Network; Rule to Listen to RIP Information


Example Filters    9-12    PortMaster Configuration Guide

The rules for the input filter are as follows:

Command> set filter internet.in 1 permit 0.0.0.0/0 192.168.0.1/32 tcp src eq 20 dst gt 1023
Command> set filter internet.in 2 permit 0.0.0.0/0 192.168.0.1/32 tcp src eq 21 estab
Command> set filter internet.in 3 permit 0.0.0.0/0 172.16.0.2/32 tcp dst eq 21
Command> set filter internet.in 4 permit 0.0.0.0/0 172.16.0.2/32 tcp src gt 1023 dst eq 20 estab

The rules for the output filter are as follows:

Command> set filter internet.out 1 permit 192.168.0.1/32 0.0.0.0/0 tcp dst eq 21
Command> set filter internet.out 2 permit 192.168.0.1/32 0.0.0.0/0 tcp src gt 1023 dst eq 20 estab
Command> set filter internet.out 3 permit 172.16.0.2/32 0.0.0.0/0 tcp src eq 20 dst gt 1023
Command> set filter internet.out 4 permit 172.16.0.2/32 0.0.0.0/0 tcp src eq 21 dst gt 1023 estab

If you want to allow any internal host to initiate FTP sessions, replace 192.168.0.1/32 in the rules above with
0.0.0.0/0 or your network_number/24. This widens the exposure of every internal host, because the input rule that admits
FTP data traffic (source port 20 to any port above 1023) then applies to all of them; take appropriate precautions to
reduce the risk this configuration creates.

Rule to Permit DNS into Your Local Network

If the DNS name server for your domain is outside your local network, you should add
the following rule to your input filter:

Command> set filter filtername RuleNumber permit udp src eq 53

This rule permits DNS replies (UDP packets with source port 53) into your local network. Note that it matches on the source port alone, so any UDP packet carrying source port 53 is accepted by it.
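To check what the FTP and DNS rules on this page actually admit before loading them, here is an added Python evaluator for the rule syntax they use; it is not part of the PortMaster manual or of Lucent's software. It assumes first-match evaluation with unmatched packets dropped, reads the address-less DNS rule as applying to any source and destination, and runs constructed packets through the internet.in filter, showing that rule 1 also admits a new connection from source port 20 to any port above 1023 and that the DNS rule matches on source port alone.

```python
import ipaddress

def parse_rule(text):
    """Parse 'N permit|deny SRC/BITS DST/BITS PROTO [src|dst eq|gt PORT]... [estab]'."""
    tok = text.split()
    rule = {"num": int(tok[0]), "action": tok[1], "src": ipaddress.ip_network(tok[2]),
            "dst": ipaddress.ip_network(tok[3]), "proto": tok[4], "ports": [], "estab": False}
    i = 5
    while i < len(tok):
        if tok[i] == "estab":  # match only segments of an already established TCP session
            rule["estab"], i = True, i + 1
        else:                  # (field, operator, port) triple such as "src eq 20"
            rule["ports"].append((tok[i], tok[i + 1], int(tok[i + 2])))
            i += 3
    return rule

def matches(rule, pkt):
    src, dst, proto, sport, dport, estab = pkt
    if ipaddress.ip_address(src) not in rule["src"] or ipaddress.ip_address(dst) not in rule["dst"]:
        return False
    for field, op, port in rule["ports"]:
        val = sport if field == "src" else dport
        if not (val == port if op == "eq" else val > port):
            return False
    return proto == rule["proto"] and (estab or not rule["estab"])

def evaluate(rules, pkt):
    """First matching rule wins; a packet matching no rule is dropped (implicit deny, assumed)."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if matches(r, pkt):
            return r["action"], r["num"]
    return "deny", None

# The page's internet.in rules plus its DNS reply rule, the latter given explicit any-address
# fields here (an assumption about how the page's address-less form is read).
INTERNET_IN = [parse_rule(r) for r in (
    "1 permit 0.0.0.0/0 192.168.0.1/32 tcp src eq 20 dst gt 1023",
    "2 permit 0.0.0.0/0 192.168.0.1/32 tcp src eq 21 estab",
    "3 permit 0.0.0.0/0 172.16.0.2/32 tcp dst eq 21",
    "4 permit 0.0.0.0/0 172.16.0.2/32 tcp src gt 1023 dst eq 20 estab",
    "5 permit 0.0.0.0/0 0.0.0.0/0 udp src eq 53",
)]
# Constructed packets (src_ip, dst_ip, proto, sport, dport, established) to check before deploying.
SAMPLES = {
    "ftp_data_reply": ("10.1.1.1", "192.168.0.1", "tcp", 20, 4000, True),
    "telnet_syn":     ("10.1.1.1", "192.168.0.1", "tcp", 40000, 23, False),
    "new_from_20":    ("10.1.1.1", "192.168.0.1", "tcp", 20, 8080, False),  # new session, src port 20
    "dns_reply":      ("10.2.2.2", "192.168.0.1", "udp", 53, 3333, False),
    "udp_from_53":    ("10.2.2.2", "192.168.0.50", "udp", 53, 161, False),  # source port alone matches
}
```

Call `evaluate(INTERNET_IN, SAMPLES["new_from_20"])` to see which rule a sample hits; the addresses and ports in SAMPLES are constructed for the illustration.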

Rule to Listen to RIP Information

To permit incoming RIP packets, add the following rule to your input filter:

Command> set filter filtername RuleNumber permit 172.16.0.0/32 192.168.0.0/32 udp dst eq 520

In the above example, 172.16.0.0/32 is the other end of the Internet connection and
192.168.0.0/32 is the local address of the connection.
