Network Router User Manual

212777-A, February 2002
CHAPTER 7
Filtering
This chapter provides a conceptual overview of filters and includes configuration examples
showing how filters can be used for network security and Network Address Translation (NAT).
The following topics are discussed in this chapter:
• Overview. This section describes the benefits of filtering and the filtering criteria that
allow extensive filtering at the IP and TCP/UDP levels.
  - Filtering Benefits
  - Filtering Criteria
  - Stacking Filters
  - Overlapping Filters
  - The Default Filter
  - VLAN-based Filtering
  - Optimizing Filter Performance
  - Filter Logs
  - IP Address Ranges
  - Cache-Enabled versus Cache-Disabled Filters
• TCP Rate Limiting. This section explains how TCP rate limiting allows you to monitor
the number of new TCP connections within a configurable time window.
• Tunable Hash for Filter Redirection. This section explains how to select any hash
parameter for filter redirection.
• Filter-based Security. This section provides an example of configuring filters to provide
the best security.
• Network Address Translation. This section provides two examples: internal client
access to the Internet and external client access to the server.
• Matching TCP Flags and Matching ICMP Message Types. These sections describe the ACK
filter criteria, which provide greater filtering flexibility, and list the ICMP message
types that can be filtered, respectively.