Traffic rule lists – Cyclades PR1000 User Manual


Chapter 12 - Filters and Rules

The configuration for “Stop forged packets” is shown in the following listing:

Rules Lists

Rule List Name    Rule Status    Default Scope    List Type    Linked Rule List
Slot1_in          Enabled        Permit           Filter

--------------------------------------------------------------------------------
FILTER_LIST NAME: Slot1_in

## PROT OP Source IP Address OP SRC PORT CNX ACC LOG SC STA
Destination IP Address DST PORT

0 - == 192.168.0.0 255.255.0.0 -- Y N - D EN
-- --

Slot1_in, rule 0, prohibits any incoming packets with source IP addresses of the internal network. Since the addresses used for internal networks cannot be routed on the Internet, they cannot be valid unless there is a leak of traffic through another router to the perimeter network.

Imagine that, as shown in the figure, the network is expanded and another range of IP addresses is used (not a subnetwork). Rule 0 in the list Slot1_in will not protect this network. Either another rule can be added to this list, or the new router can filter packets into its area (or both).
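The coverage gap described above can be checked mechanically. The following Python is an added example, not part of the manual and not CyROS configuration syntax: it takes the deny rule from Slot1_in rule 0 and reports which internal ranges no rule matches. The second internal range (172.16.8.0/22) and all function names are constructed for illustration.

```python
import ipaddress

# Deny rules on the inbound list, as (address, netmask). The only entry is
# rule 0 of Slot1_in from the listing above.
SLOT1_IN_DENY = [("192.168.0.0", "255.255.0.0")]

# Internal ranges to protect. The second one is a constructed stand-in for
# the "another range of IP addresses" used by the expanded network.
INTERNAL_NETS = ["192.168.0.0/16", "172.16.8.0/22"]


def parse_rules(rules):
    """Convert (address, netmask) pairs into ip_network objects."""
    return [ipaddress.ip_network(f"{addr}/{mask}") for addr, mask in rules]


def uncovered(internal, deny_rules):
    """Return the parts of `internal` that no deny rule matches."""
    remaining = [ipaddress.ip_network(internal)]
    for rule in deny_rules:
        next_remaining = []
        for net in remaining:
            if net.subnet_of(rule):
                continue  # fully covered by this rule
            if rule.subnet_of(net):
                # Rule covers only part of the range; keep the rest.
                next_remaining.extend(net.address_exclude(rule))
            else:
                next_remaining.append(net)  # disjoint, still unprotected
        remaining = next_remaining
    return sorted(remaining)


def audit(internal_nets, rules):
    """Map each internal range to the list of sub-ranges left unfiltered."""
    deny = parse_rules(rules)
    return {n: [str(g) for g in uncovered(n, deny)] for n in internal_nets}


def is_dropped(src_ip, rules):
    """True if an inbound packet with this source address hits a deny rule."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in parse_rules(rules))


if __name__ == "__main__":
    for net, gaps in audit(INTERNAL_NETS, SLOT1_IN_DENY).items():
        print(net, "covered" if not gaps else f"NOT covered: {gaps}")
```

Running the audit again after appending a rule for the new range to the list shows whether the inbound filter alone is sufficient or whether the new router must also filter.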

Traffic Rule Lists

There are three kinds of traffic rules that can be configured in CyROS. The first two determine a division of bandwidth
for traffic flowing out of the router:
