Matching tcp flags, Configuring the tcp flag filter, Matching tcp flags 197 – Nortel Networks WEB OS 212777 User Manual

Web OS 10.0 Application Guide

Chapter 7: Filtering

n

197

212777-A, February 2002

Matching TCP Flags

Web OS supports packet filtering based on any of the following TCP flags.

Any filter may be set to match against more than one TCP flag at the same time. If there is
more than one flag enabled, the flags are applied with a logical AND operator. For example, by
setting the switch to filter

SYN

and

ACK

, the switch filters all

SYN-ACK

frames.

N

OTE

–

TCP flag filters must be cache-disabled. Exercise caution when applying cache-

enabled and cache-disabled filters to the same switch port. For more information, see

“Cache-

Enabled versus Cache-Disabled Filters” on page 178

.

Configuring the TCP Flag Filter

N

OTE

–

By default, all TCP filter options are disabled. TCP flags will not be inspected unless

one or more TCP options are enabled.

Consider the following network:

Figure 7-11 TCP ACK Matching Network

Table 7-5 TCP Flags

Flag

Description

URG

Urgent

ACK

Acknowledgement

PSH

Push

RST

Reset

SYN

Synchronize

FIN

Finish

SMTP

Mail Server

Router

Web Switch

Web Servers:

203.122.186.*

Internet

Inside/

Trusted LAN

1

2

3