Manualshelf

User Manual

ManualsBrandsLantronix ManualsComputers & AccessoriesLantronix CONSLE Server 10/100MBPS ENET (SCS400-02)
181182183184185186187188189190
Security Network Restrictions
11-23
Filter lists are associated with sites. Sites use filter lists for the following purposes:
When a site with an associated filter list receives a packet, the SCS will compare the packet against each
filter starting with the first filter on the list. If the packet matches any of the filters, the packet will be
forwarded or discarded to the filters specification. If the packet does not match any of the filters in the list,
it will not be forwarded.
11.6.4.1 Filter Order
The order that filters appear in a list is important. For example, consider the following filter list:
Allow any packets
Deny all IP traffic matching a particular rule
When this filter list is associated with a site, all packets will be forwarded. Packets will be compared to the
first filter in the list, and all packets will match specification any packets. Therefore, all packets will be
forwarded without being compared to the second filter.
Switching the order of the two filters will have very different effects. Examine the filter list below, where
the order of the two filters is reversed.
Deny all IP traffic matching a particular rule
Allow any packets
When this filter list is used, any IP traffic matching the specified rule will be discarded. Therefore, some IP
packets will be discarded without being compared to the second filter.
Table 11-1: Types of Filter Lists
Type of Filter List Purpose
Idle Determines whether the site will remain active. Packets that
pass the lter will reset the sites idle timer, preventing the site
from being timed out.
Incoming Determines whether to forward incoming packets received
from a remote site. Packets that pass the lter will be
forwarded.
Outgoing Determines whether to forward outgoing packets to a remote
site. Packets that pass the lter will be forwarded.
Startup Determines whether a site will initiate a connection to a
remote site. When a packet passes the lter, the SCS will
initiate an outgoing connection. (If an outgoing connection
currently exists, this lter will be ignored.)