Tcp/ip packet filtering – USRobotics NETServer/8 User Manual


8-8 Packet Filters

TCP/IP packet filtering

After the filter name, rule number and permit/deny, IP rules start
with the following parameters:

<source address/mask> <destination address/mask> <tcp | udp | icmp>

Depending on the protocol, there can be more options following
these parameters. See TCP and UDP parameters and Filtering
ICMP packets (below) for more information.

Source Address

The address given here is compared to the source address of the
packet. Note that only the part of the address specified by the
mask field is used in the comparison. If a match is found, the
packet is forwarded (rules containing permit) or discarded
(rules containing deny).

The following rule example permits source addresses that match
the first 16 bits of the given IP address (that is, addresses
beginning with 192.77):

permit 192.77.200.203/16

Note: The source address and destination address fields generally
are used to limit permitted access to trusted hosts and
networks only, to explicitly deny access to hosts and networks
that are not trusted, or to limit external access to a given host
(for example, a web server or a firewall). For example, the
following rule permits (SMTP) E-mail packets only if they are
from the host 192.77.203.24.

permit 192.77.203.24/32 0.0.0.0/0 tcp dst eq 25
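
The masked comparison described above can be checked offline with the following sketch, which is an added example and not code from the manual or the NETServer firmware. It assumes the filter name and rule number have already been stripped, handles only the dst eq <port> option shown on this page, and evaluates a single rule; the names Packet, parse_rule and decide are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None  # None for icmp


def parse_rule(text: str) -> dict:
    """Parse 'permit|deny <src/mask> <dst/mask> <proto> [dst eq <port>]'."""
    tok = text.split()
    if len(tok) not in (4, 7):
        raise ValueError(f"unsupported rule: {text!r}")
    action, src, dst, proto = tok[:4]
    if action not in ("permit", "deny") or proto not in ("tcp", "udp", "icmp"):
        raise ValueError(f"unsupported rule: {text!r}")
    port = None
    if len(tok) == 7:
        if tok[4:6] != ["dst", "eq"] or proto == "icmp":
            raise ValueError(f"unsupported option: {text!r}")
        port = int(tok[6])
    # strict=False keeps only the bits covered by the mask, so
    # 192.77.200.203/16 becomes the network 192.77.0.0/16.
    return {
        "action": action,
        "src": ipaddress.ip_network(src, strict=False),
        "dst": ipaddress.ip_network(dst, strict=False),
        "proto": proto,
        "dst_port": port,
    }


def decide(rule_text: str, pkt: Packet) -> Optional[str]:
    """Return the rule's action if the packet matches it, else None."""
    rule = parse_rule(rule_text)
    if pkt.proto != rule["proto"]:
        return None
    if ipaddress.ip_address(pkt.src) not in rule["src"]:
        return None
    if ipaddress.ip_address(pkt.dst) not in rule["dst"]:
        return None
    if rule["dst_port"] is not None and pkt.dst_port != rule["dst_port"]:
        return None
    return rule["action"]
```

A None result means the rule does not apply to the packet; what the device does with packets that match no rule is not modelled here.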
