Filter composition, Types of filters, Filter composition 302 types of filters 302 – Enterasys Networks CSX6000 User Manual
Page 302
USER’S GUIDE
302 CyberSWITCH
Sample packet passing through a filter
F
ILTER
C
OMPOSITION
The IP filtering mechanism is composed of three fundamental building blocks:
•
Packet Types
The criteria for describing an IP datagram’s contents: IP Source and Destination Addresses,
Protocol (TCP, UDP, etc.), Protocol-specific fields (TCP port, etc.). For example, Packet Types
can be set up to specify such things as: “all packets arriving from IP Subnetwork X”, “Telnet
packets destined for host Y”, or “All RIP packets”. Packet Types are independently defined and
may be referenced by multiple filters.
•
Conditions
A Packet Type combined with an Action to take when a datagram matches that type. The
Actions are DISCARD or FORWARD.
•
Filter
An ordered list of Conditions. When an IP datagram passes through a filter, a sequential pass
is made through the individual conditions. The first complete match of a Packet Type dictates
the action which is applied to the datagram. When the action is DISCARD, the datagram is
dropped. The filter also contains a configurable Final Condition which specifies the action to
take if no match is found.
T
YPES
OF
F
ILTERS
Forwarding Filters
A Forwarding Filter is a filter which forwards or discards specific packets according to whether
these packets fulfill a list of defined conditions.Forwarding Filters may be applied to packets in one
of the following ways:
•
Globally
: independent of the packet’s input or output path.
•
through the Input Network Interface: applies the filter only to packets arriving on a specific
IP Packet
Discard
Type 1
Forward
Type 4
Discard
Type 3
FILTER
Discard
All Other Types
Conditions
Final
Condition
Packet Types:
Type 1: www,www,www
Type 2: xxx,xxx,xxx
Type 3: yyy,yyy
Type 4: zzz,zzz
Action:
Discard/Forward