Ipx packet filter rule examples, Ipx route filter rules, Ipx r – Compatible Systems 5.4 User Manual

202

Chapter 12 - IPX Filtering

IPX Packet Filter Rule Examples

Drop all packets where the source network number is greater than or equal to
1000 and permit all other packets:

deny srcnet >= 1000
permit type = ALL

Drop all packets from a specific IPX network and node and permit all other
packets:

deny srcnet = FAB4 srcnode = 0.0.A5.0.0.1
permit

Drop all packets where the source socket is a diagnostic packet, log the denial
and permit all other packets through:

deny srcskt = DIAG log
permit

IPX Route Filter Rules

To access an editor window for IPX Route filters, open the Main IPX
Filtering Dialog Box (under Global/Filtering/IPX Filtering) and then select
the Route Filters button.

Route filtering rules are applied globally in the device and are not associated
with any interface. However, they can be restricted to an interface using the
“from” or “to” modifiers in the rule.

A device does not reorder rule sets as they have been specified before they are
applied. They are applied in the order they were written. When multiple filter
sets are selected with CompatiView, the filter sets will be concatenated in the
device from first to last (top to bottom on screen).

Any IPX network not explicitly allowed by the rules will not be included in
the routing table on input or in the routing update on output. To allow all other
network numbers not filtered, the last rule must be:

permit network = ALL

Rules that have been specified using CompatiView may be edited or exam-
ined through the command line interface, and vice-versa. When the rules are
downloaded into the device from CompatiView, they will be encrypted.

Rule sets that have been created with the IPX Route Filter Editor Window
must be selected using the pull-downs in the Main IPX Filtering Dialog Box.