Filter editor dialog box buttons and controls, Tcp/ip route filter rules, Tcp/ip r – Compatible Systems 5.4 User Manual
Page 191: Oute, Ilter, Ules
Chapter 11 - TCP/IP Filtering
185
Filter Editor Dialog Box Buttons and Controls
•
The Current Filter pull-down menu lets you select a filter set for
editing.
•
The New button lets you create a new set of filter rules. A dialog box will
pop up to ask you to name the filter set. The name must be 16 characters
or less.
•
The Delete button lets you delete the selected set of filter rules.
•
The Rename button lets you rename the selected set of filter rules.
•
The Import button lets you import a previously exported set of filter
rules, or a text file in which you have stored filter rules. A file dialog box
will pop up to ask you to locate an import file.
•
The Export button lets you export a set of filter rules to disk. A dialog
will pop up to ask you to name the export file.
TCP/IP Route Filter Rules
To access an editor window for TCP/IP route filters, open the Main TCP/IP
Filtering Dialog Box (under Global/Filtering/TCP/IP Filtering) and then
select the Route Filters button.
Route filtering rules are applied globally in the device and are not associated
with any interface. However, they can be restricted to an interface using the
“from” or “to” modifiers in the rule.
A device does not reorder rule sets as they have been specified before they are
applied. They are applied in the order they were written. When multiple filter
sets are selected with CompatiView, the filter sets will be concatenated in the
device from first to last (top to bottom on screen).
Any IP network not explicitly allowed by the rules will not be included in the
routing table on input or in the routing update on output. To allow all other
network numbers not filtered, the last rule must be:
permit 0.0.0.0
Because direct and static routes are configured in the device and not received
via an interface, they are always installed and cannot be filtered.
Rules that have been specified using CompatiView may be edited or exam-
ined through the command line interface, and vice-versa. When the rules are
downloaded into the device from CompatiView, they will be encrypted.