Appletalk packet filter rules, General packet filtering, Pple – Compatible Systems 5.4 User Manual

212

Chapter 13 - AppleTalk Filtering

•

The Rename button lets you rename the selected set of filter rules.

•

The Import button lets you import a previously exported set of filter
rules, or a text file in which you have stored filter rules. A file dialog will
pop up to ask you to locate an import file.

•

The Export button lets you export a set of filter rules to disk. A dialog
will pop up to ask you to name the export file.

AppleTalk Packet Filter Rules

The AppleTalk filter editor window allows a set of AppleTalk filtering rules
to be defined, edited and identified with a specific name.

Once a set of rules is defined and named, those rules may be linked to several
different AppleTalk filter interpreters to accomplish different types of
filtering.

Each interpreter understands and uses a subset of the complete AppleTalk
rules. The interpreters available are: general packet filtering, get-zone-list
filtering and route (RTMP) filtering. Each is described below.

The interpreters will not reorder the rules as they are specified. They will be
applied sequentially from the first rule through the last. Any filtered informa-
tion not specifically allowed by the set of rules will be dropped silently. If that
information is to be allowed, a final permit rule must be specified:

permit

There is an interaction between the packet filtering interpreter and the other
interpreters. The packet filter interpreter will be applied to incoming packets
before the other interpreters, and it will be applied to outgoing packets after
the other interpreters. For example, a received get-zone-list request may be
filtered by an input packet filter before it arrives at the get-zone-list inter-
preter and the reply may also be filtered again by an outgoing packet filter.

Rules that have been specified using CompatiView may be edited or exam-
ined through the command line interface. Likewise, rules defined through the
command line interface may be edited through CompatiView. When the rules
are downloaded into the device from CompatiView, they will be encrypted.

General Packet Filtering

This interpreter allows packets being forwarded by the device to be filtered
on the input and output side of an interface. The only rules used in this inter-
preter are the type, srcnet, dstnet, srcnode, dstnode, srcskt and dstskt for