Nortel Networks Web OS 10.0 Application Guide (212777-A, February 2002)
Chapter 7: Filtering, page 186

Configuring a Filter-Based Security Solution

Before you begin, you must be connected to the switch CLI as the administrator.

In this example, all filters are applied only to the switch port that connects to the Internet. If
intranet restrictions are required, filters can be placed on switch ports connecting to local
devices.

Also, filtering is not limited to the few protocols and TCP or UDP applications shown in this example. See Table 7-1 on page 171 and Table 7-2 on page 171 for a list of other well-known protocols and applications.

1. Assign an IP address to each of the network devices.

   For this example, the network devices have the following IP addresses on the same IP subnet:

   Table 7-4 Web Cache Example: Real Server IP Addresses

   Network Device        IP address
   Local Subnet          205.177.15.0 - 205.177.15.255
   Web Server            205.177.15.2
   Mail Server           205.177.15.3
   Domain Name Server    205.177.15.4

2. Create a default filter that will deny and log unwanted traffic.

   The default filter is defined as Filter 224 in order to give it the lowest order of precedence:

   >> # /cfg/slb/filt 224                        (Select the default filter)
   >> Filter 224# sip any                        (From any source IP addresses)
   >> Filter 224# dip any                        (To any destination IP addresses)
   >> Filter 224# proto any                      (For any protocols)
   >> Filter 224# action deny                    (Deny matching traffic)
   >> Filter 224# name deny unwanted traffic     (Provide a descriptive name for the filter)
   >> Filter 224# ena                            (Enable the default filter)
   >> Filter 224# adv/log enable                 (Log matching traffic to syslog)

   NOTE: Because the proto parameter is not tcp or udp, the source port (sport) and destination port (dport) values are ignored and may be excluded from the filter configuration.
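The two ideas behind step 2, that filters are evaluated in order of precedence with the highest-numbered filter 224 acting as the catch-all, and that sport/dport are only consulted when proto is tcp or udp, can be made concrete with a small model of the filter table. The following Python is an added example written for this page; it is not Web OS code and not from the guide. Filter 224 is taken from the CLI session above; the permit filter 10 (TCP to the web server on port 80), the packet addresses and ports, and the behaviour when no filter matches (the model forwards the packet, which is exactly why the catch-all deny is defined) are assumptions made for the example.

```python
"""Model of first-match filter evaluation with a lowest-precedence default deny.

Added example modelled on the Web OS filter table described in the guide;
not vendor code. Filter 10 and all packets are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress


@dataclass
class Filter:
    number: int            # lower number = higher precedence, 224 is evaluated last
    sip: str               # "any", a host, or a CIDR network
    dip: str
    proto: str             # "any", "tcp", "udp", "icmp", ...
    action: str            # "allow" or "deny"
    name: str
    sport: Optional[int] = None   # only meaningful when proto is tcp or udp
    dport: Optional[int] = None
    log: bool = False      # corresponds to "adv/log enable"
    enabled: bool = True   # corresponds to "ena"


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    sport: Optional[int] = None
    dport: Optional[int] = None


def _addr_match(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _port_match(spec: Optional[int], value: Optional[int]) -> bool:
    return spec is None or spec == value


def filter_matches(f: Filter, pkt: Packet) -> bool:
    """True if the packet matches every field of the filter that applies to it."""
    if not f.enabled:
        return False
    if not _addr_match(f.sip, pkt.src) or not _addr_match(f.dip, pkt.dst):
        return False
    if f.proto != "any" and f.proto != pkt.proto:
        return False
    # As the guide's note says: when proto is not tcp or udp, sport and dport
    # are ignored, even if values were configured.
    if f.proto in ("tcp", "udp"):
        if not _port_match(f.sport, pkt.sport) or not _port_match(f.dport, pkt.dport):
            return False
    return True


def evaluate(filters: List[Filter], pkt: Packet,
             syslog: Optional[List[str]] = None) -> Tuple[str, Optional[int]]:
    """Apply filters in precedence order (lowest number first).

    Returns (action, filter number). A matching filter with log=True appends a
    line to `syslog` (a stand-in for the switch's syslog output).
    """
    syslog = syslog if syslog is not None else []
    for f in sorted(filters, key=lambda flt: flt.number):
        if filter_matches(f, pkt):
            if f.log:
                syslog.append(f"filter {f.number} ({f.name}) {f.action} {pkt.proto} "
                              f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
            return f.action, f.number
    # Assumption of this model: with no matching filter the packet is forwarded.
    return "allow", None


# Constructed filter table: a hypothetical permit for the web server from
# Table 7-4, plus the catch-all deny-and-log filter 224 from step 2.
SAMPLE_FILTERS = [
    Filter(10, "any", "205.177.15.2", "tcp", "allow", "web server http", dport=80),
    Filter(224, "any", "any", "any", "deny", "deny unwanted traffic", log=True),
]

if __name__ == "__main__":
    log: List[str] = []
    for p in (Packet("192.0.2.10", "205.177.15.2", "tcp", 40000, 80),    # constructed
              Packet("192.0.2.10", "205.177.15.4", "udp", 5555, 53)):    # constructed
        print(p, "->", evaluate(SAMPLE_FILTERS, p, log))
    print("\n".join(log))
```

The HTTP packet is caught by filter 10 before filter 224 is ever consulted; the UDP packet to the DNS server falls through to 224, is denied and produces a syslog line. Swapping the two numbers would make 224 match first and silently override every later permit, which is why the guide gives the catch-all the highest number.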
