Filter
Top Products
Chapter 3 IP Firewall Service 45
Understanding Firewall Filters
When you start firewall service, the default configuration denies access to all incoming
packets from remote computers except ports for remote configuration. This provides a
high level of security. You can then add new IP filters to allow server access to those
clients who require access to services.
To learn how IP filters work, read the following section. To learn how to create IP filters,
see “Managing Firewall Service” on page 49.
What is a Filter?
A filter is made up of an IP address and a subnet mask, and sometimes a port number
and access type. The IP address and the subnet mask together determine the range of
IP addresses to which the filter applies, and can be set to apply to all addresses.
IP Address
IP addresses consist of four segments with values between 0 and 255 (the range of an 8
bit number), separated by dots (for example, 192.168.12.12). The segments in IP
addresses go from general to specific (for example, the first segment might belong to
all the computers in a whole company, and the last segment might belong to a specific
computer on one floor of a building).
Subnet Mask
A subnet mask indicates which segments in the specified IP address can vary on a
given network and by how much. The subnet mask is given in Classless Inter Domain
Routing (CIDR) notation. It consists of the IP address followed by a slash (/) and a
number from 1 to 32, called the IP prefix. An IP prefix identifies the number of
significant bits used to identify a network.
For example, 192.168.2.1 /16 means the first 16 bits (the first two numbers separated by
periods) are used to represent the network (every machine on the network begins with
192.168) and the remaining 16 bits (the last two numbers separated by periods) are
used to identify hosts (each machine has a unique set of trailing numbers).
LL2351.Book Page 45 Monday, September 8, 2003 2:47 PM