How individual filters work, A filter’s actions, A filtering rule – Netopia R2020 User Manual

Page 211: Parts of a filter, Port numbers, How individual filters work -7

Advertising
background image

Security 14-7

How individual filters work

As described above, a filter applies criteria to an IP packet and then takes one of three actions:

A filter’s actions

Passes the packet to the local or remote network

Blocks (discards) the packet

Ignores the packet

A filter passes or blocks a packet only if it finds a match after applying its criteria. When no match occurs, the
filter ignores the packet.

The criteria are based on information contained in the packets. A filter is simply a rule that prescribes cer tain
actions based on cer tain conditions. For example, the following rule qualifies as a filter:

A filtering rule

Block all Telnet attempts that originate from the remote host 199.211.211.17.

This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match
occurs, the packet is blocked.

Here is what this rule looks like when implemented as a filter on the Netopia R2020:

To understand this par ticular filter, look at the par ts of a filter.

Parts of a filter

A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the
following attributes:

The source IP address (where the packet was sent from)

The destination IP address (where the packet is going)

The type of higher-layer Internet protocol the packet is carr ying, such as TCP or UDP

Port numbers

A filter can also match a packet’s por t number attributes, but only if the filter’s protocol type is set to TCP or
UDP, since only those protocols use por t numbers. The filter can be configured to match the following:

The source por t number (the por t on the sending host that originated the packet)

The destination por t number (the por t on the receiving host that the packet is destined for)

By matching on a por t number, a filter can be applied to selected TCP or UDP ser vices, such as Telnet, FTP, and
World Wide Web. The tables below show a few common ser vices and their associated por t numbers.

+-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+
+--------------------------------------------------------------------+
| 1 199.211.211.17 0.0.0.0 TCP 23 Yes No |
+--------------------------------------------------------------------+

Advertising
Popular Brands
Popular manuals