Chapter 7: Filtering – Nortel Networks WEB OS 212777 User Manual

212777-A, February 2002
CHAPTER 7
Filtering
This chapter provides a conceptual overview of filters and includes configuration examples
showing how filters can be used for network security and Network Address Translation (NAT).
The following topics are discussed in this chapter:
- This section describes the benefits and filtering criteria to allow for extensive filtering at the IP and TCP/UDP levels.
  - “Filtering Benefits” on page 170
  - “Filtering Criteria” on page 170
  - “Stacking Filters” on page 172
  - “Overlapping Filters” on page 172
  - “The Default Filter” on page 173
  - “VLAN-based Filtering” on page 174
  - “Optimizing Filter Performance” on page 176
  - “IP Address Ranges” on page 178
  - “Cache-Enabled versus Cache-Disabled Filters” on page 178
- “TCP Rate Limiting” on page 179. This section explains how TCP rate limiting allows you to monitor the number of new TCP connections within a configurable time window.
- “Tunable Hash for Filter Redirection” on page 184 allows you to select any hash parameter for filter redirection.
- “Filter-based Security” on page 185. This section provides an example of configuring filters for providing the best security.
- “Network Address Translation” on page 191. This section provides two examples: Internal client access to the Internet and external client access to the server.
- “Matching TCP Flags” on page 197 and “Matching ICMP Message Types” on page 201. These sections describe the ACK filter criteria, which provide greater filtering flexibility, and list the ICMP message types that can be filtered, respectively.