User manual
Packet Filters 8-
7
To be valid, a filter file must always have the following file
descriptor on the first line:
#filter
Ensure that there is no blank space before the descriptor,
otherwise an error will occur.
The remainder of the filter file is partitioned into protocol
sections. Each protocol section has a descriptive header and
contains the filter rules for that protocol.
Protocol Sections
A single filter file can contain all valid protocol sections in any
order, but the sections cannot be repeated. The following
conditions will generate errors or prevent normal filtering:
• If you do not specify a protocol section in the filter file, no
filtering will occur and packets of that protocol type will be
accepted
• If you specify a protocol section but do not define any rules,
an error will occur.
Note:: To comment out a protocol section, you must place a
pound (#) sign before the section header and before all rules
defined in the section.
The following table describes the valid protocol sections that
you can define in the filter file:
Protocol Section Description
IP:
IP protocol data filter section
IP-CALL:
IP protocol call filter section
IP-RIP:
IP RIP advertising filter section
IPX:
IPX protocol data filter section
IPX-CALL:
IPX protocol call filter section
IPX-RIP:
IPX RIP advertising filter section
IPX-SAP:
IPX SAP advertising filter section
ATALK:
AppleTalk protocol data filter section
ATALK-CALL:
AppleTalk protocol call filter section
ATALK-ZIP:
AppleTalk ZIP advertising filter
LOGIN-ACCESS:
Login Access filter section