User guide

ManualsBrandsDigi ManualsComputer equipmentTS 8 MEI

111

112

113

114

115

116

117

118

119

120

set filter

112 Chapter 2 Command Descriptions

Rules for creating filters

When creating filters, follow these rules:

• The action a filter takes depends on the contents of the filter and on the

type of filter it is defined as on the "set user" command. If the filter is

referenced on the:

• "passpacket" option, it will allow packets that meet filter criteria to

pass through a serial port and block all others.

• "bringup" option, it will bring up a connection when the port handles

a packet that meets filter criteria.

• "keepup" option, it will reset the timer defined on the "set user"

"idletimeout" option when the port handles a packet that meets filter

criteria.

• "logpacket" option, it will send a message to the log file when the

port handles a packet that meets filter criteria.

• Filters are made up of 1 to 32 stanzas, each of which expresses filtering

criteria.

• Filter criteria are called tokens. Examples of tokens include IP

addresses, TCP or UDP port numbers, whether a packet is incoming or

outgoing, and several others.

• Tokens must be separated by slashes (/).

• Stanzas are processed in order. That is, first S1 (stanza 1) is processed

and then S2, and so on.

• As soon as a stanza’s criteria is completely satisfied, filtering action

occurs and subsequent stanzas are ignored. For example, if S1

specifies an IP address of 190.159.146.10 and an ICMP message type

7, a packet from that IP address carrying that ICMP message type will

trigger filtering action. Subsequent stanzas will not be processed.

Consequently, you must specify and relationships (all criteria must be

satisfied) in the same stanza and or relationships (any of the criterion

must be satisfied) in different stanzas.

• The exclamation mark (!) at the beginning of a stanza changes how the

filter acts. When a packet is encountered that meets stanza criteria, the

filter does not execute the filter function (for example, bringing up a

connection) and it does not process any more stanzas.

When changes to filter definition settings take effect

The "set filter" command can be used at any time to change and display

filters. However, the results of any changes to filter definition settings take

effect on subsequent PPP connections only. Any PPP connections

established prior to a given filter change will continue to operate using the

previous filter definition settings. For the new filter settings to take effect,

existing PPP sessions must be terminated and reestablished, for example,

by rebooting the PortServer reboot or by issuing the “kill tty" command.