Avocent Access Router Cyclades-PR2000 User Manual

Page 104

Chapter 12 - Filters and Rules

Cyclades-PR2000

The configuration for “Stop forged packets” is shown in the following listing:

Rules Lists

Rule List Name   Rule Status   Default Scope   List Type   Linked Rule List
slot1_in         Enabled       Permit          Filter

Filter_list Name slot1_in
Rule 0
Status                       Enabled
Scope                        Deny
Protocol                     0
Source IP Operator           Equal
Source IP start              10.0.0.0
Source IP Mask               255.0.0.0
Destination IP Operator      None
Source Port Operator         None
Destination Port Operator    None
TCP connections allowed      Y
Account Process allowed      N

FIGURE 12.6 OUTPUT FOR INTERIOR ROUTER EXAMPLE

Slot1_in, rule 0, prohibits any incoming packets with source IP addresses of the internal network. Since the addresses used for internal networks cannot be routed on the Internet, they cannot be valid unless there is a leak of traffic through another router to the perimeter network.

Imagine that, as shown in the figure, the network is expanded and another range of IP addresses is used (not a sub-network). Rule 0 in the list Slot1_in will not protect this network. Either another rule can be added to this list, or the new router can filter packets into its area (or both).
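The coverage gap described above can be checked offline with a small model of the rule list. This is an added example, not code or output from the manual or the router. It assumes that operator "Equal" means (source AND mask) equals (start AND mask) and that the list's Default Scope applies when no rule matches; the second internal range (172.16.0.0/16) and the extra rule are constructed values.

```python
import ipaddress

# Rule 0 of slot1_in, values taken from the listing above.
RULE_0 = {"scope": "Deny", "start": "10.0.0.0", "mask": "255.0.0.0"}
DEFAULT_SCOPE = "Permit"  # the list's Default Scope

def rule_net(rule):
    """Source range of a rule as a network object (start/mask)."""
    return ipaddress.IPv4Network(f"{rule['start']}/{rule['mask']}")

def evaluate(rules, src, default=DEFAULT_SCOPE):
    """Scope of the first rule whose source range matches, else the default.
    Assumption: "Equal" means (src & mask) == (start & mask)."""
    addr = ipaddress.IPv4Address(src)
    for rule in rules:
        if addr in rule_net(rule):
            return rule["scope"]
    return default

def uncovered(rules, internal_nets):
    """Internal ranges that no Deny rule fully contains, i.e. ranges whose
    addresses would still be accepted as a source on incoming packets."""
    deny = [rule_net(r) for r in rules if r["scope"] == "Deny"]
    return [n for n in internal_nets
            if not any(ipaddress.IPv4Network(n).subnet_of(d) for d in deny)]

# Constructed sample data: the second range is hypothetical and stands in for
# the "another range of IP addresses" added when the network is expanded.
INTERNAL = ["10.0.0.0/8", "172.16.0.0/16"]
NEW_RULE = {"scope": "Deny", "start": "172.16.0.0", "mask": "255.255.0.0"}

if __name__ == "__main__":
    before, after = [RULE_0], [RULE_0, NEW_RULE]
    for src in ("10.1.2.3", "172.16.5.9", "198.51.100.7"):
        print(src, evaluate(before, src), "->", evaluate(after, src))
    print("uncovered before:", uncovered(before, INTERNAL))
    print("uncovered after: ", uncovered(after, INTERNAL))
```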
