TCP and UDP parameters – USRobotics NETServer/8 User Manual


8-10 Packet Filters

TCP and UDP parameters

TCP and UDP packets can be filtered by source and destination
port (socket) numbers. This lets you permit or deny specific
services.

<tcp | udp> src <lt | gt | eq> <TCP/UDP port #>

Compare the source port number in a TCP or UDP packet to a
specific value.

lt or lessthan      less than
eq or equal         equal to
gt or greaterthan   greater than

A sample rule might look something like this (it permits TCP
packets whose source port is greater than 23):

permit tcp src gt 23

<tcp | udp> dst <lt | gt | eq> <TCP/UDP port #>

Compare the destination port number in a TCP or UDP packet to a
specific value. Example (denies UDP packets addressed to port 40):

deny udp dst eq 40

established or estab

Evaluates whether the packet belongs to an already established
connection rather than a new connection attempt. Since UDP is not a
connection-oriented protocol, this parameter can only be used in
TCP rules. Example:

permit tcp dst eq 192 established

established is usually employed to restrict a normally two-way
connection to one direction. One example would be allowing
internal users to establish FTP sessions with external hosts,
while denying external users FTP access to local hosts. Because a
single FTP session sends packets in both directions, a rule that
simply filters out FTP packets headed in either direction will
kill FTP sessions in both directions; adding established to the
rule for the inbound direction permits only packets that belong to
a session an internal host has already opened. See the discussion
of FTP below for more information.
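The following is an added example, not code from the USRobotics manual or the NETServer firmware: a small Python evaluator for rules written in the src/dst/established syntax described above, used to show how the established keyword turns an FTP permit into a one-way rule. The manual page does not say how rules are ordered or what happens when nothing matches, and does not define established at the packet level, so three assumptions are made and marked in the code: rules are checked top to bottom and the first match decides, a packet matching no rule is denied, and established is modelled as "TCP ACK flag set". The rule list INBOUND_FTP_RULES, the Packet and Rule classes and the sample packets are constructed for the example.

```python
"""Evaluator for packet-filter rules in the syntax described above.

Added example, not code from the USRobotics NETServer manual.
Assumptions the manual page does not state: rules are checked top to
bottom and the first match decides; a packet matching no rule is denied;
'established' is modelled as "TCP ACK flag set", so a fresh connection
attempt (a SYN carrying no ACK) never matches an established rule.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Keyword spellings accepted by the manual, mapped to a canonical operator.
KEYWORD_ALIASES = {
    "lt": "lt", "lessthan": "lt",
    "eq": "eq", "equal": "eq",
    "gt": "gt", "greaterthan": "gt",
}
COMPARE = {
    "lt": lambda port, value: port < value,
    "eq": lambda port, value: port == value,
    "gt": lambda port, value: port > value,
}


@dataclass(frozen=True)
class Packet:              # constructed for the example
    proto: str             # "tcp" or "udp"
    src_port: int
    dst_port: int
    ack: bool = False      # TCP ACK flag; always False for UDP


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    proto: str                        # "tcp" or "udp"
    src: Optional[Tuple[str, int]]    # (operator, port) or None
    dst: Optional[Tuple[str, int]]
    established: bool


def parse_rule(text: str) -> Rule:
    """Parse one rule such as 'permit tcp src gt 23' or 'deny udp dst eq 40'."""
    tokens = text.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny") \
            or tokens[1] not in ("tcp", "udp"):
        raise ValueError(f"bad rule: {text!r}")
    action, proto = tokens[0], tokens[1]
    src = dst = None
    established = False
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("src", "dst"):
            if i + 2 >= len(tokens):
                raise ValueError(f"incomplete {tok} clause in rule: {text!r}")
            op = KEYWORD_ALIASES[tokens[i + 1]]      # KeyError on an unknown operator
            port = int(tokens[i + 2])
            if not 0 <= port <= 65535:
                raise ValueError(f"port out of range in rule: {text!r}")
            if tok == "src":
                src = (op, port)
            else:
                dst = (op, port)
            i += 3
        elif tok in ("established", "estab"):
            # UDP is connectionless, so the manual allows this only in TCP rules.
            if proto != "tcp":
                raise ValueError("established is only valid in tcp rules")
            established = True
            i += 1
        else:
            raise ValueError(f"unknown token {tok!r} in rule: {text!r}")
    return Rule(action, proto, src, dst, established)


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every condition in the rule holds for the packet."""
    if rule.proto != pkt.proto:
        return False
    if rule.src and not COMPARE[rule.src[0]](pkt.src_port, rule.src[1]):
        return False
    if rule.dst and not COMPARE[rule.dst[0]](pkt.dst_port, rule.dst[1]):
        return False
    if rule.established and not pkt.ack:
        return False
    return True


def evaluate(rules, pkt: Packet) -> str:
    """'permit' or 'deny' from the first matching rule; 'deny' (assumed) if none match."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed inbound filter (packets arriving from outside) for the one-way
# FTP case: replies from external FTP servers (source port 21, the FTP control
# port) are admitted only once a session exists; external hosts may not open
# FTP to local hosts.
INBOUND_FTP_RULES = [parse_rule(r) for r in (
    "permit tcp src eq 21 established",
    "deny tcp dst eq 21",
)]

if __name__ == "__main__":
    samples = {  # constructed packets
        "reply from external FTP server":  Packet("tcp", 21, 40000, ack=True),
        "external host opening FTP to us": Packet("tcp", 50000, 21),
        "SYN with spoofed source port 21": Packet("tcp", 21, 40000),
    }
    for label, pkt in samples.items():
        print(f"{label:34s} -> {evaluate(INBOUND_FTP_RULES, pkt)}")
```

The third sample packet is the reason established matters: a plain "permit tcp src eq 21" on the inbound side would admit any packet whose sender simply chose source port 21, whereas with established only packets carrying ACK, i.e. replies to a connection a local host opened, get through. One caveat this toy does not model: an active-mode FTP data connection is opened by the server back toward the client, so an inbound filter that admits only established packets blocks it, which is why the manual treats FTP separately.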
