How filters work, Generic filters, Ip filters – Lucent Technologies 6000 User Manual



MAX 6000/3000 Network Configuration Guide, page 15-3: Defining Static Filters, Filter overview

timer expires, the session is terminated. With the default Idle Timer setting of 120 seconds, the
MAX unit terminates a connection that has been inactive for two minutes.

How filters work

A Filter profile can include up to 12 input-filter and 12 output-filter specifications (filters).
Each filter has its own forwarding action—forward or drop. The filters are applied in sequence.
At the first successful comparison between a filter and the packet being examined, the filtering
process stops and the forwarding action in that filter is applied to the packet.

If no comparison succeeds, the packet does not match the filter. However, this does not mean
that the packet is forwarded. When no filter is in use, the MAX unit forwards all packets, but
applying a filter to an interface reverses this default. For security purposes, the unit does not
automatically forward nonmatching packets. It requires a filter that explicitly allows such
packets to pass. (For a sample input filter that forwards packets that did not match a previous
filter, see “Examples of an IP filter to prevent local address spoofing” on page 15-15.)

Note: For a call filter to prevent an interface from remaining active unnecessarily, you must
define filters for both input and output packets. Otherwise, if only input filters are defined,
output packets will keep a connection active, or vice versa.

Generic filters

In a generic filter, all of the settings in a filter specification work together to specify a location
in a packet and a number to be compared to that location. The type of comparison that
constitutes a match (equal or not-equal) must also be specified. When a comparison fails, the
packet undergoes the next comparison. When a comparison succeeds, the filtering process
stops and the forwarding action in that filter is applied to the packet.

If a generic filter is applied as a call filter and a comparison succeeds, the forwarding action is
either to reset the idle timer or not, depending on how the filter is defined. If a generic filter is
applied as a data filter, the forwarding action is either to forward the packet or drop it.

IP filters

In an IP filter, each filter specification includes a set of comparisons that are made in a defined
order. When a comparison fails, the packet undergoes the next comparison. When a
comparison succeeds, the filtering process stops and the forwarding action in that filter is
applied to the packet. The IP filter tests proceed in the following order:

1. Apply the Src Mask value to the Src Adrs value and compare the result to the source
   address of the packet. If they are not equal, the comparison fails.

2. Apply the Dst Mask value to the Dst Adrs value and compare the result to the destination
   address in the packet. If they are not equal, the comparison fails.

3. If the Protocol parameter is zero (which matches any protocol), the comparison succeeds.
   If it is nonzero and not equal to the protocol field in the packet, the comparison fails.

4. If the Src Port Cmp parameter is not set to None, compare the Src Port # number to the
   source port number of the packet. If they do not match as specified by the Src Port Cmp
   parameter, the comparison fails.
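The matching order above, as an added example that is not part of the manual: a small Python model of one IP filter specification and of the sequential input-filter list described under "How filters work" (first successful filter wins, no match means drop once a filter is applied). The dict field names, the Src Port Cmp operator names (Less, Eql, Gtr, Neq) and applying the mask to both the filter address and the packet address are assumptions; only the four tests listed on this page are modelled.

```python
import ipaddress

# Src Port Cmp operators; the operator names are assumed for this example.
_PORT_CMP = {
    "Less": lambda a, b: a < b,
    "Eql": lambda a, b: a == b,
    "Gtr": lambda a, b: a > b,
    "Neq": lambda a, b: a != b,
}

def _masked(addr, mask):
    """Apply a dotted-quad mask to a dotted-quad address and return the integer result."""
    return int(ipaddress.IPv4Address(addr)) & int(ipaddress.IPv4Address(mask))

def ip_filter_matches(spec, pkt):
    """Run the four comparisons in the order listed above; stop at the first one that fails."""
    # 1. Src Mask applied to Src Adrs, compared with the packet source (mask applied to both sides).
    if _masked(spec["src_adrs"], spec["src_mask"]) != _masked(pkt["src"], spec["src_mask"]):
        return False
    # 2. Dst Mask applied to Dst Adrs, compared with the packet destination.
    if _masked(spec["dst_adrs"], spec["dst_mask"]) != _masked(pkt["dst"], spec["dst_mask"]):
        return False
    # 3. Protocol 0 matches any protocol; a nonzero value must equal the packet's protocol field.
    if spec["protocol"] != 0 and spec["protocol"] != pkt["proto"]:
        return False
    # 4. Src Port Cmp of None skips the port test; otherwise compare the packet source port
    #    against Src Port # with the named operator.
    cmp = spec["src_port_cmp"]
    if cmp != "None" and not _PORT_CMP[cmp](pkt["sport"], spec["src_port"]):
        return False
    return True

def apply_filters(filters, pkt):
    """First successful filter wins; with no match the packet is dropped, because applying
    a filter reverses the forward-everything default."""
    for spec in filters:
        if ip_filter_matches(spec, pkt):
            return spec["action"]
    return "drop"

# Constructed input-filter list (not from the manual): drop packets that arrive claiming a
# source inside the local 10.0.0.0/8 range, then an explicit catch-all that forwards the rest.
INPUT_FILTERS = [
    {"src_adrs": "10.0.0.0", "src_mask": "255.0.0.0", "dst_adrs": "0.0.0.0", "dst_mask": "0.0.0.0",
     "protocol": 0, "src_port_cmp": "None", "src_port": 0, "action": "drop"},
    {"src_adrs": "0.0.0.0", "src_mask": "0.0.0.0", "dst_adrs": "0.0.0.0", "dst_mask": "0.0.0.0",
     "protocol": 0, "src_port_cmp": "None", "src_port": 0, "action": "forward"},
]
```

Without the second, catch-all specification every packet that escapes the first filter would be dropped, which is the point the section makes about nonmatching packets.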
