Pattern filtering – Perle Systems PERLE P850 User Manual
Page 68
Introduction to Filtering
62
You may easily prevent stations on one segment from accessing all but
a specific resource on the other segment; for this, “negative” filtering
and the use of “Forward if Destination” would be appropriate. If you
want to disallow all but one specific station from accessing any service
on the other segment, the use of “Forward if Source” could be used.
Pattern Filtering
Pattern filtering is provided in three separate sections: Bridge Pattern
Filters, IP Router Pattern Filters, and IPX Router Pattern Filters.
When the P850 is operating as an IP/IPX Bridge/Router, each of the
frames received from the local LAN is passed on to the appropriate
internal section of the P850. The IPX frames are passed on to the
IPX router, the IP frames are passed on to the IP router, and all other
frames are passed on to the bridge. Different pattern filters may be
defined in each of these sections to provide very extensive pattern
filtering on LAN traffic being sent to remote LANs.
Pattern filters are created by defining an offset value and a pattern
match value. The offset value determines the starting position for the
pattern checking. An offset of 0 indicates that the pattern checking
starts at the beginning of the data frame. An offset of 12 indicates that
the pattern checking starts at the 12
th
octet of the data frame. When a
data frame is examined in its HEX format, an octet is a pair of HEX
values with offset location 0 starting at the beginning of the frame.
Please refer to Appendix C - Octet Locations on Ethernet Frames for more
information on octet locations in data frames.
The pattern match value is defined as a HEX string that is used to
match against the data frame. If the HEX data at the appropriate
offset location in the data frame matches the HEX string of the filter
pattern, there is a positive filter match. The data frame will be filtered
according to the filter operators being used in the filter pattern.