Ip filtering examples – Eicon Networks DIVA LAN ISDN User Manual


Chapter Nine: Advanced Installations

IP filters

any well known: Applies the filter to any protocol using TCP or UDP ports in the range 0 to 1023. See RFC 1700 for the complete list of protocols.

UNIX: Applies the filter to any protocol using TCP or UDP ports in the range 512 to 1023. See RFC 1700 for the complete list of protocols.

TCP: Many protocols (such as HTTP, FTP, Telnet, News) make use of TCP. If you filter all TCP traffic, you will prevent the use of these protocols. Note that access to the web configuration interface occurs via HTTP and access to the command line interface (CLI) occurs via Telnet.

UDP: Many protocols (such as SNMP, Time, TFTP, BOOTP) make use of UDP. If you filter all UDP traffic, you will prevent the use of these protocols.

FTP: Applies the filter to all datagrams containing the file transfer protocol.
Web (HTTP): If you filter all HTTP traffic, you may not be able to reach the web configuration interface. Filtering outgoing HTTP traffic can be used to prevent users from browsing on the Internet.

Mail (SMTP): Applies the filter to all datagrams containing the mail (SMTP) protocol.
Mail (POP3): Applies the filter to all datagrams containing the mail (POP3) protocol.
Telnet: If you filter all Telnet traffic, you will not be able to reach the command line interface (CLI).
TFTP: The DIVA LAN ISDN Modem can function as a TFTP server to support uploading and downloading of configuration files. If you filter TFTP traffic, you will not be able to use this feature.

DNS: Domain name system. Filtering DNS datagrams can cause disruptions in the ability to access remote sites.

The following options are also available: NFS/RPC, News, Time (NTP), BOOTP, SNMP, ICMP, Ping
(ICMP), Ping Reply, ICMP Redir. For a description of these protocols, consult the appropriate RFC at the
site www.faqs.org.

8. Activate the filter by clicking the box that appears to the right of the EDIT button.

9. Click Save. This makes the filter operational.

Note

Unlike other configuration settings, you do not have to reset the DIVA LAN ISDN Modem to make filters operational.
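The protocol options above overlap in ways that are easy to miss before saving a drop filter. The following added example (not from the Eicon manual) checks which device management features a set of dropped options would cut off. The port numbers are the standard well-known assignments, the mapping of each named option to those ports is an assumption, and filter direction and addresses are ignored.

```python
# Added example: which management features a set of "drop" filters cuts off.
# Category ranges ("any well known" 0-1023, "UNIX" 512-1023) come from the
# manual; the per-protocol port mappings are assumed standard assignments.

ALL_PORTS = range(0, 65536)

# Protocol option -> list of (transport, port range) it is assumed to match.
FILTER_OPTIONS = {
    "any well known": [("tcp", range(0, 1024)), ("udp", range(0, 1024))],
    "UNIX":           [("tcp", range(512, 1024)), ("udp", range(512, 1024))],
    "TCP":            [("tcp", ALL_PORTS)],
    "UDP":            [("udp", ALL_PORTS)],
    "Web (HTTP)":     [("tcp", range(80, 81))],
    "Telnet":         [("tcp", range(23, 24))],
    "TFTP":           [("udp", range(69, 70))],
    "DNS":            [("udp", range(53, 54))],
}

# Features the manual says depend on a protocol -> (transport, port).
FEATURES = {
    "web configuration interface": ("tcp", 80),
    "command line interface (CLI)": ("tcp", 23),
    "TFTP configuration upload/download": ("udp", 69),
    "DNS name resolution": ("udp", 53),
}

def features_lost(dropped_options):
    """Return the sorted feature names blocked by the given drop filters."""
    lost = set()
    for option in dropped_options:
        if option not in FILTER_OPTIONS:
            raise ValueError(f"unknown filter option: {option!r}")
        for transport, ports in FILTER_OPTIONS[option]:
            for name, (f_transport, f_port) in FEATURES.items():
                if transport == f_transport and f_port in ports:
                    lost.add(name)
    return sorted(lost)

if __name__ == "__main__":
    # Constructed candidates: each list is one proposed set of drop filters.
    for candidate in (["UNIX"], ["Telnet"], ["UDP"], ["any well known"]):
        print(candidate, "->", features_lost(candidate) or "no management impact")
```

Under these assumptions, a "UNIX" drop filter leaves all four features reachable, while "any well known" removes every one of them.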

IP filtering examples

The examples in this section illustrate how to use filters to:

• Drop incoming traffic from a specific network

• Allow incoming traffic only from a specific network

• Block web surfing

Note

These examples assume that you have not enabled remote management. If remote management is enabled, the default filter stack you see will only contain the single filter: "Forward all datagrams being sent from anywhere that contain any protocol." If no filters are present, the only visible filter will be "Drop All". The "Forward all" filter is active but invisible.

Dropping incoming traffic from a specific network

This example defines a filter to make sure that no traffic is accepted from a specific network. Assume the
network has the IP address 213.112.12.0.

Since the filter is applied against data from the Internet, it is defined for the ISP profile. Place this filter in the
third position in the stack.
