Generic filter rule, Step by step guide to creating filter files – 3Com ADSL Modem Ethernet User Manual

Page 30


4-4 CHAPTER 4: FILTERING CAPABILITIES

The OR operation can be implemented by successive rules. For example, to accept
a packet if the source address is xxx, or the destination address is yyy, the
following rules are used:

BR-ETH:
1 ACCEPT src-addr=00-20-69-00-00-01;
2 ACCEPT dst-addr=00-20-69-00-00-02;
999 DENY;

The following table describes the keywords for the bridge protocol section and
their legal operators used in the rule syntax. (xx is a hex number).

Generic Filter Rule

The syntax for generic filters is slightly different from that for other protocol filters:

<line #> <verb> GENERIC => ORIGIN = FRAME/OFFSET = <# of bytes>/LENGTH = <# of bytes>/MASK = <0x Mask>/VALUE = <0x value>

ORIGIN - The location in the packet to start the offset count. This is at byte 0
(FRAME).

OFFSET - The number of bytes from the origin to skip before comparing the
value to the packet contents.

LENGTH - The number of bytes in the packet to compare to the value.

MASK - The mask to logically "and" with the packet contents before
comparing with the value (hex).

VALUE - The value (hex) to compare to the packet contents.

For example, a generic bridge filter to prevent all IP packets from being bridged is:

BR-ETH:
1 reject generic=>origin=frame/offset=12/length=2/mask=0xFFFF/value=0x0800;
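
The comparison these fields describe, modelled in Python as an added example (not code from the 3Com manual or the modem firmware). The helper names parse_generic, matches and verdicts and the sample frames are constructed for illustration; comparing in network byte order and treating a frame too short to hold the field as a non-match are assumptions.

```python
import re

# Added illustration of the GENERIC comparison described above; parse_generic()
# and matches() are hypothetical helper names, not part of the modem's CLI.
RULE_RE = re.compile(
    r"^\s*(\d+)\s+(\w+)\s+generic\s*=>\s*origin\s*=\s*frame\s*/\s*offset\s*=\s*(\d+)"
    r"\s*/\s*length\s*=\s*(\d+)\s*/\s*mask\s*=\s*0x([0-9a-f]+)"
    r"\s*/\s*value\s*=\s*0x([0-9a-f]+)\s*;\s*$",
    re.IGNORECASE,
)

def parse_generic(line):
    """Split one generic rule line into its numeric fields."""
    m = RULE_RE.match(line)
    if m is None:
        raise ValueError("not a generic filter rule: %r" % line)
    num, verb, offset, length, mask, value = m.groups()
    return {"line": int(num), "verb": verb.upper(), "offset": int(offset),
            "length": int(length), "mask": int(mask, 16), "value": int(value, 16)}

def matches(rule, frame):
    """True when (frame bytes AND mask) equals value at the given offset."""
    end = rule["offset"] + rule["length"]
    if len(frame) < end:
        return False  # assumption: a frame too short to hold the field never matches
    field = int.from_bytes(frame[rule["offset"]:end], "big")  # assumption: network byte order
    return (field & rule["mask"]) == rule["value"]

# Constructed sample frames: dst MAC, src MAC, then EtherType and zero padding.
HDR = bytes.fromhex("002069000002") + bytes.fromhex("002069000001")
FRAMES = {
    "ipv4": HDR + bytes.fromhex("0800") + bytes(46),
    "arp": HDR + bytes.fromhex("0806") + bytes(46),
    "vlan_ipv4": HDR + bytes.fromhex("8100000a0800") + bytes(46),  # 802.1Q tag first
    "truncated": HDR,
}

IP_RULE = parse_generic(
    "1 reject generic=>origin=frame/offset=12/length=2/mask=0xFFFF/value=0x0800;")
WIDE_RULE = parse_generic(
    "2 reject generic=>origin=frame/offset=12/length=2/mask=0xFF00/value=0x0800;")

def verdicts(rule):
    """Names of the sample frames the rule matches."""
    return sorted(name for name, frame in FRAMES.items() if matches(rule, frame))

if __name__ == "__main__":
    print("mask 0xFFFF:", verdicts(IP_RULE))
    print("mask 0xFF00:", verdicts(WIDE_RULE))
```

In this model the manual's rule matches only the untagged IPv4 frame: ARP (0x0806) and an 802.1Q-tagged IPv4 frame, whose bytes 12-13 hold 0x8100, fall through to later rules. Widening the mask to 0xFF00 makes the same rule match ARP as well.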

Step by Step Guide to Creating Filter Files

This section presents a step-by-step guide for creating and applying filters. These
steps assume that the filter file is created on a remote workstation and then
transferred to FLASH memory using TFTP. If you use the CLI create text command
to create the filter file, you can omit steps 9 and 10.

To create a filter file:

1 Open a new text file. Enter the file descriptor on the first line: #filter

2 Enter the section header followed by a colon for the protocol rules you want to define. For example: BR-ETH:

3 You can comment a section header out by placing a # sign before the section header. This is useful if you want to insert a placeholder for a protocol section you

Table 4-2 Protocol Keywords

Protocol Section  Keyword   Operators  Description and Value Range
BR-ETH            src-addr  =, !=      Source MAC address (xx-xx-xx-xx-xx-xx)
                  dst-addr  =, !=      Destination MAC address (xx-xx-xx-xx-xx-xx)
                  generic   =          Generic filter
