Specifications
Filters and Rules
AVM Access Server – 5 AVM Access Server Concepts and Functional Principles
When creating a filter, you should bear these two important points in
mind:
- Each filter profile always treats all packets: the specific rules
  apply to certain packets; the default action applies to all others.
- The order of the rules in the list is important! You must always
  make sure that rules with more specific packet descriptions are
  placed higher in the list than more general rules. Otherwise,
  packets matching the general description would never be tested
  against the more specific description.
When ordering the rules within a filter profile, apply the following
basic principle: Treat special cases first.
A Simple Example
Suppose you want computer B in the LAN to be accessible only from
location A. To achieve this goal, you define the following rules in the
global input filter:
1. Location A may access computer B. In other words, the first filter
rule states: Accept packets for any service whose source is in IP
address block A and whose destination is the IP address of
computer B. This is the special case, the exception to the second,
more general, rule.
2. No one may access computer B. In other words, the second filter
rule states: Drop packets for all services which have any IP
address as the source and computer B’s IP address as the
destination. This rule will be applied to all packets except the
special case covered by the first rule.
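The two rules above, modelled as a first-match rule list together with a check for rules hidden behind a more general one. This is an added example, not AVM Access Server configuration or code: the `Rule` class, the function names, the addresses and the default action "accept" are assumptions made for illustration, and services are left out because both rules apply to all services.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # source address block, CIDR notation
    dst: str     # destination address block, CIDR notation
    action: str  # "accept" or "drop"

def evaluate(rules, default_action, src_ip, dst_ip):
    """Return (action, rule name) for a packet: the first matching rule
    decides, and the default action applies to all other packets."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)):
            return rule.action, rule.name
    return default_action, "default"

def shadowed_rules(rules):
    """Names of rules that can never be tested because an earlier rule
    already covers their entire source and destination range."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            src_covered = ipaddress.ip_network(later.src).subnet_of(
                ipaddress.ip_network(earlier.src))
            dst_covered = ipaddress.ip_network(later.dst).subnet_of(
                ipaddress.ip_network(earlier.dst))
            if src_covered and dst_covered:
                hidden.append(later.name)
                break
    return hidden

# Constructed sample values (assumptions, not taken from the manual)
LOCATION_A = "192.0.2.0/24"   # IP address block A
COMPUTER_B = "10.0.0.20/32"   # computer B in the LAN
ANY = "0.0.0.0/0"             # any IP address

allow_a = Rule("allow-A-to-B", LOCATION_A, COMPUTER_B, "accept")
deny_all = Rule("deny-all-to-B", ANY, COMPUTER_B, "drop")

CORRECT_ORDER = [allow_a, deny_all]  # special case first
WRONG_ORDER = [deny_all, allow_a]    # general rule hides the exception
```

With `WRONG_ORDER`, a packet from location A to computer B is dropped by the general rule, and `shadowed_rules` reports the exception as unreachable.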
The following diagram illustrates the order in which the filter instances
are traversed by incoming, outgoing and forwarded packets. The diagram
illustrates the longest possible packet path, assuming that filter
profiles have been selected for all filter instances, and every filter
profile contains a matching rule for the packet or the default action
“Accept”.