Technical data
Chapter 4. Configuring Special Features
IP Filtering
Note:
Filtering is a software option. The following section applies only to routers with this option.
IP Filtering is a type of firewall used to control network traffic. The process involves filtering packets received
from one interface and deciding whether to route them to another interface or discard them.
When it is filtering packets, the router examines information such as the source and destination address contained
in the IP packet, the type of connection, etc., and then screens (filters) the packets based on this information;
packets are either allowed to be forwarded from one interface to another interface or simply discarded.
IP filtering requires IP routing to be enabled. This type of filtering offers great flexibility and control of IP filters,
but configuration of this feature requires using a series of commands that may appear complex to a casual user.
Filters and Interfaces
Filters are commands used to screen IP packets: packets are simply matched against a series of filters. The result
is that packets are either allowed to come through the interface/link or they are dropped. If no filter “matches” the
incoming packet, the packet is accepted by default.
Filters operate at the interface level. Each interface has a series of IP filters associated with it and is defined by
three types of filters: Input filters, Output filters, and Forward filters. A list of filters is created for each interface.
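As an added example (not taken from the router's documentation), the Python sketch below models the default-accept behaviour described above and audits each interface's Input, Forward, and Output lists for a missing final catch-all drop. First-match evaluation, the field names, and the sample addresses are assumptions made for this illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Filter:
    action: str              # "accept" or "drop"
    src: object = ANY        # source network to match
    dst: object = ANY        # destination network to match
    proto: str = "any"       # "tcp", "udp", "icmp" or "any" (assumed field)

    def matches(self, pkt):
        return (ip_address(pkt["src"]) in self.src
                and ip_address(pkt["dst"]) in self.dst
                and self.proto in ("any", pkt["proto"]))

def evaluate(filters, pkt):
    """Return (action, matched). First match wins (assumption)."""
    for f in filters:
        if f.matches(pkt):
            return f.action, True
    return "accept", False   # no filter matched: accepted by default

def has_catch_all_drop(filters):
    """True if the list ends with a drop that matches every packet."""
    return bool(filters) and filters[-1] == Filter("drop")

def audit(interfaces):
    """List (interface, filter type) pairs that rely on the default accept."""
    return [(name, kind) for name, lists in interfaces.items()
            for kind in ("input", "forward", "output")
            if not has_catch_all_drop(lists.get(kind, []))]

# Constructed sample: the WAN input list permits TCP to one server but has
# no final drop, so every other packet falls through to the default accept.
WEB = ip_network("192.0.2.10/32")
INTERFACES = {
    "wan": {
        "input": [Filter("accept", dst=WEB, proto="tcp")],
        "forward": [Filter("accept", dst=WEB, proto="tcp"), Filter("drop")],
        "output": [Filter("drop")],
    },
}

if __name__ == "__main__":
    stray = {"src": "203.0.113.5", "dst": "192.0.2.99", "proto": "udp"}
    print(evaluate(INTERFACES["wan"]["input"], stray))  # unmatched packet
    print(audit(INTERFACES))                            # lists lacking a final drop
```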
The following illustrates the filter process.
[Figure: the filter process in three phases (Input Phase, Forward Phase, Output Phase). Labels: Input Filter, NAT, IP-ES, ICMP Redirect, Forward Filters (forward filters on the input interface, forward filters on the output interface), IP Routing Table, Routing Table Processing, Output Filter, NAT. Steps are numbered 1 to 5.]
In the following description of the Input, Forward, and Output phases, the reference numbers associated with
filtering steps match the numbers used in the above illustration.
Input Phase