Product specifications
Efficient Networks® Router family Technical Reference Guide
Chapter 5: System Security, Page 5-76
Configure Bridge Filtering
Bridge filtering allows you to control the packets transferred across the router. This
feature can be used to enhance security or improve performance. The filtering is
based on matched patterns within the packet at a specified offset. Two filtering modes
are available:
• “Deny” mode will discard any packet matched to the “deny” filters in the filter
database and let all other packets pass.
• “Allow” mode will only pass the packets that match the “allow” filters in the
filter database and discard all others.
Up to 40 “allow” filters or 40 “deny” filters can be activated from the filter database.
Enter the filters, including the pattern, offset, and filter mode, into a filter database. If
you intend to restrict specific stations or subnetworks from bridging, then add the
filters with a “deny” designation and then enable “deny” filtering. If you wish to allow
only specific stations or subnetworks to bridge, then add the filters with an “allow”
designation and enable “allow” filtering. Add each filter with the following command:
filter br add [pos] [data] [deny | allow]
where [pos] is the byte offset within a packet (a number from 0-127) and [data] is
the pattern to match at that offset (a hex number up to 6 bytes). This data and offset
number can be used to identify an address, a protocol id, or data content. After
entering your filters, verify your entries with the following command:
filter br list
If you have entered an incorrect filter, delete the filter using the filter br del command.
When you are satisfied with the filter list, save the filtering database with the save filter
command. You must reboot the router to load the filtering database. Then enable
bridge filtering with the following command:
filter br use [none | deny | allow]
To test the filtering configuration, access the remote destination identified in the filter.
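The deny/allow matching described above, modeled in Python as an added example (not code from this guide or from the router firmware). It assumes offset 0 is the first byte of the Ethernet frame, so offset 6 is the source MAC and offset 12 the EtherType, and that "none" passes every packet; the MAC addresses and frames are constructed.

```python
# Added illustration of the filter semantics in this section; not router code.
# Assumption: offset 0 = first byte of the Ethernet frame (destination MAC).
MAX_POS, MAX_DATA_LEN, MAX_ACTIVE = 127, 6, 40

def make_filter(pos, data_hex, mode):
    """Validate one 'filter br add [pos] [data] [deny | allow]' entry."""
    data = bytes.fromhex(data_hex)
    if not 0 <= pos <= MAX_POS:
        raise ValueError("pos must be 0-127")
    if not 1 <= len(data) <= MAX_DATA_LEN:
        raise ValueError("data must be 1 to 6 bytes of hex")
    if mode not in ("deny", "allow"):
        raise ValueError("mode must be deny or allow")
    return (pos, data, mode)

def matches(frame, flt):
    """True if the filter's pattern appears in the frame at its offset."""
    pos, data, _ = flt
    return frame[pos:pos + len(data)] == data

def bridge_passes(frame, database, use):
    """Return True if the frame is bridged under 'filter br use <use>'."""
    if use == "none":
        return True  # assumption: no filtering applied
    # Only filters whose designation equals the enabled mode are consulted.
    active = [f for f in database if f[2] == use]
    if len(active) > MAX_ACTIVE:
        raise ValueError("at most 40 filters of one mode can be activated")
    hit = any(matches(frame, f) for f in active)
    return not hit if use == "deny" else hit

def eth_frame(dst, src, ethertype, payload_len):
    """Build a constructed Ethernet frame from hex header fields."""
    return bytes.fromhex(dst + src + ethertype) + bytes(payload_len)

# Constructed sample stations (locally administered MACs) and frames.
HOST_A, HOST_B, BCAST = "020000000001", "020000000002", "ffffffffffff"
IPV4_FROM_A = eth_frame(HOST_B, HOST_A, "0800", 20)
IPV4_FROM_B = eth_frame(HOST_A, HOST_B, "0800", 20)
ARP_FROM_A = eth_frame(BCAST, HOST_A, "0806", 28)

DB = [
    make_filter(6, HOST_B, "deny"),    # source MAC of station B
    make_filter(12, "0800", "allow"),  # EtherType IPv4
]

if __name__ == "__main__":
    for use in ("none", "deny", "allow"):
        for name in ("IPV4_FROM_A", "IPV4_FROM_B", "ARP_FROM_A"):
            print(use, name, bridge_passes(globals()[name], DB, use))
```

In this model, "allow" mode with only the IPv4 EtherType filter discards ARP frames, and the "deny" entry for station B is not consulted, so station B's IPv4 traffic still bridges.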