How filter sets work, Filter priority, How filter sets work – Motorola Netopia 3342N User Manual

Administrator’s Handbook

164

How filter sets work

A filter set acts like a team of customs inspectors. Each filter is an inspector through which incoming and
outgoing packages must pass. The inspectors work as a team, but each inspects ever y package individu-
ally.

Each inspector has a specific task. One inspector’s task may be to examine the destination address of all
outgoing packages. That inspector looks for a cer tain destination—which could be as specific as a street
address or as broad as an entire countr y—and checks each package’s destination address to see if it
matches that destination.

A filter inspects data packets like a customs inspector scrutinizing packages.

Filter priority

Continuing the customs inspectors analogy, imagine the inspectors lined up
to examine a package. If the package matches the first inspector’s criteria,
the package is either rejected or passed on to its destination, depending on
the first inspector’s par ticular orders. In this case, the package is never
seen by the remaining inspectors.

If the package does not match the first inspector’s criteria, it goes to the
second inspector, and so on. You can see that the order of the inspectors in
the line is ver y impor tant.

For example, let’s say the first inspector’s orders are to send along all pack-
ages that come from Rome, and the second inspector’s orders are to reject
all packages that come from France. If a package arrives from Rome, the
first inspector sends it along without allowing the second inspector to see it.
A package from Paris is ignored by the first inspector, rejected by the second
inspector, and never seen by the others. A package from London is ignored
by the first two inspectors, so it’s seen by the third inspector.

In the same way, filter sets apply their filters in a par ticular order. The first fil-
ter applied can for ward or discard a packet before that packet ever reaches
any of the other filters. If the first filter can neither for ward nor discard the
packet (because it cannot match any criteria), the second filter has a chance
to for ward or reject it, and so on. Because of this hierarchical structure,

each filter is said to have a priority. The first filter has the highest priority, and the last filter has the lowest
priority.

INSPECTOR

FROM:

TO:

FROM:

TO:

FROM:

TO:

APPROVED

packet

first
filter

match?

yes

for ward

discard?

to network

discard
(delete)

forward

no

to next
filter

send

or