Firewall Tutorial
A filtering rule

The criteria are based on information contained in the packets. A filter is simply a rule that prescribes certain actions based on certain conditions. For example, the following rule qualifies as a filter:

“Block all Telnet attempts that originate from the remote host 199.211.211.17.”

This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match occurs, the packet is blocked.
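To make the matching concrete, here is a small rule evaluator written as an added example for this tutorial; it is not Netopia firmware code. A filter carries the attributes the tutorial describes (source address and mask, destination address and mask, TOS setting, transport protocol), any criterion left unset acts as a wildcard, and the first matching filter decides. Two details are assumptions of this example rather than statements from the manual: "Telnet" is expressed as TCP destination port 23 (the well-known Telnet port), and a packet that matches no filter is forwarded.

```python
"""Packet-filter matcher modelled on the tutorial's rule.

Added example, not Netopia firmware code. A Filter matches on the attributes
the tutorial names (source address/mask, destination address/mask, TOS,
transport protocol). The dst_port criterion and the default action are
assumptions of this example.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional


@dataclass
class Packet:
    """Constructed packet summary: only the header fields the filter looks at."""
    src: str                       # source IPv4 address, dotted quad
    dst: str                       # destination IPv4 address, dotted quad
    protocol: str                  # "tcp", "udp", "icmp", ...
    tos: int = 0                   # TOS byte; 0x10 is the RFC 791 low-delay setting
    dst_port: Optional[int] = None # transport destination port, if any


@dataclass
class Filter:
    action: str                          # "block" or "forward"
    src: Optional[IPv4Network] = None    # address + mask; None means any source
    dst: Optional[IPv4Network] = None    # address + mask; None means any destination
    protocol: Optional[str] = None       # higher-layer protocol, e.g. "tcp"
    tos: Optional[int] = None            # exact TOS setting to match
    dst_port: Optional[int] = None       # assumption: not in the tutorial's attribute list

    def matches(self, pkt: Packet) -> bool:
        """Every criterion that is set must match; unset criteria are wildcards."""
        if self.src is not None and IPv4Address(pkt.src) not in self.src:
            return False
        if self.dst is not None and IPv4Address(pkt.dst) not in self.dst:
            return False
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        if self.tos is not None and pkt.tos != self.tos:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True


def evaluate(pkt: Packet, filters: List[Filter], default: str = "forward") -> str:
    """First-match semantics: the first filter whose criteria all match decides.

    A packet matching no filter gets `default`. The tutorial does not state the
    firmware's default, so forwarding unmatched packets is an assumption here.
    """
    for f in filters:
        if f.matches(pkt):
            return f.action
    return default


# The tutorial's rule: block all Telnet attempts from the remote host 199.211.211.17.
TELNET_PORT = 23  # assumption: Telnet expressed as its well-known TCP port
BLOCK_TELNET_FROM_HOST = Filter(
    action="block",
    src=IPv4Network("199.211.211.17/32"),  # /32 mask = exactly this one host
    protocol="tcp",
    dst_port=TELNET_PORT,
)
RULESET = [BLOCK_TELNET_FROM_HOST]


def decide(src: str, dst: str, protocol: str, dst_port: Optional[int] = None, tos: int = 0) -> str:
    """Run one constructed packet through RULESET and return the action taken."""
    return evaluate(Packet(src, dst, protocol, tos, dst_port), RULESET)


if __name__ == "__main__":
    # Constructed sample packets against a constructed internal host 10.0.0.5.
    print(decide("199.211.211.17", "10.0.0.5", "tcp", 23))  # block
    print(decide("199.211.211.18", "10.0.0.5", "tcp", 23))  # forward (different host)
    print(decide("199.211.211.17", "10.0.0.5", "tcp", 80))  # forward (not Telnet)
    print(decide("199.211.211.17", "10.0.0.5", "udp", 23))  # forward (not TCP)
```

The /32 mask is what turns "the remote host 199.211.211.17" into an exact-host match; widening the mask (for example to /24) would block Telnet from the whole surrounding network, which is worth checking before a rule like this is deployed.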
Here is what this rule looks like when implemented as a filter in Netopia Firmware Version 7.6:

To understand this particular filter, look at the parts of a filter.
Parts of a filter

A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the following attributes:

• The source IP address and subnet mask (where the packet was sent from)
• The destination IP address and subnet mask (where the packet is going)
• The TOS bit setting of the packet. Certain types of IP packets, such as voice or multimedia packets, are sensitive to delays introduced by the network. A delay-sensitive packet is identified by a special low-latency setting called the TOS bit. It is important for such packets to be received rapidly or the quality of service degrades.
• The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP