Specifications

Chapter 5. Configuring Software Options 119
IP Filtering
IP Filtering is a type of firewall used to control network traffic. The process involves filtering packets received
from one interface and deciding whether to route them to another interface or to discard them.
When it is filtering packets, the router examines information such as the source and destination address contained
in the IP packet, the type of connection, etc., and then screens (filters) the packets based on this information;
packets are either allowed to be forwarded from one interface to another interface or simply discarded.
IP filtering requires that IP routing be enabled. This type of filtering offers great flexibility and control of IP
filters, but configuration of this feature requires using a series of commands that may appear complex to a casual
user.
See the installation CD for sample IP Filter command files (filter.txt). This file can be edited for your installation
and copied to the router using TFTP or the Windows Quick Start application. (See Batch File Command
Execution, page 166.)
Filters and Interfaces
Filters are commands used to screen IP packets: packets are simply matched against a series of filters. If a packet
matches a filter, the filter determines whether the packet is accepted or dropped. If no filter matches the incoming
packet, the packet is accepted by default.
Filters operate at the interface level. Each interface has a series of IP filters associated with it; the filters can be of
three types: Input filters, Output filters, and Forward filters. The following illustrates the filter process.
Input Phase
When an IP packet comes in through an interface (such as the Input interface), the router tries to recognize the
packet. The router then examines the Input filters for this interface and, based on the first Input filter that
matches the IP packet, it decides how to handle the packet (forward or discard it).
[Figure: the filter process across the Input Phase, Forward Phase and Output Phase. Labeled elements: Input Filters, NAT, IP-ES, ICMP Redirect, Forward Filters (forward filters on the input interface, forward filters on the output interface), IP Routing Table, Routing Table Processing, Output Filters, NAT.]
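
The first-match and accept-by-default behavior described above, modeled in Python as an added example (not code from this manual, and not the router's filter command syntax). The Filter fields, the sample filter lists and the addresses are constructed assumptions; the code shows which filter decides a packet, flags filters shadowed by an earlier one, and reports whether the default accept can still be reached.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"
net, addr = ipaddress.ip_network, ipaddress.ip_address

@dataclass
class Filter:                      # hypothetical model of one IP filter
    action: str                    # "accept" or "drop"
    src: str = ANY                 # source prefix
    dst: str = ANY                 # destination prefix
    proto: str = "any"             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt.get("dport"))
                and addr(pkt["src"]) in net(self.src)
                and addr(pkt["dst"]) in net(self.dst))

    def covers(self, other):
        """True if every packet matching `other` also matches this filter."""
        return (self.proto in ("any", other.proto)
                and self.dport in (None, other.dport)
                and net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst)))

def evaluate(filters, pkt):
    """First matching filter decides; no match means accept (the documented default)."""
    for index, f in enumerate(filters):
        if f.matches(pkt):
            return f.action, index
    return "accept", None

def audit(filters):
    """Return (indexes of filters an earlier filter shadows, default accept reachable?)."""
    shadowed = [j for j, f in enumerate(filters)
                if any(e.covers(f) for e in filters[:j])]
    # Conservative: only a single match-everything filter counts as closing the default.
    default_reachable = not any(f.covers(Filter("drop")) for f in filters)
    return shadowed, default_reachable

# Constructed sample: input filters on one interface (documentation address ranges).
WAN_INPUT = [
    Filter("accept", src="198.51.100.0/24", proto="tcp", dport=23),  # admin network
    Filter("drop", proto="tcp", dport=23),                           # everyone else
    Filter("accept", src="198.51.100.7/32", proto="tcp", dport=23),  # never reached
]
HARDENED = WAN_INPUT[:2] + [Filter("accept", proto="icmp"), Filter("drop")]
```

With WAN_INPUT, any packet that is not TCP port 23 falls through to the default accept; HARDENED ends in a match-everything drop, so nothing reaches the default.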