User's Guide

8000-A2-GB21-10
June 1997
Chapter 7: IP Filtering
Overview
A filter is a mechanism for securing a network by implementing security rules
(policies). You can use a filter to prevent unauthorized network access without
making authorized access difficult.
By default, filtering is not active on the HotWire DSLAM system. However, you
can enable filtering to selectively filter source or destination packets being routed
through the MCC or DSL cards. Appendix B, IP Filtering Configuration Worksheets,
provides worksheets to help you plan and record your filter configurations.
This chapter provides an overview of packet filters and describes why you may
want to set filters on your network.
What is a Filter?
An IP filter is a rule (or set of rules) that is applied to a specific interface to
indicate whether a packet can be forwarded or discarded.
A filter works by successively applying the rules to the information obtained from
the packet header until a match is found. The filter then performs the action
specified by the rule on that packet, which can be either to forward or discard the
packet. The filter does not keep any state or context, and the decision is made
based only on the packet contents.
You can create the following filter types:
- An input filter to prevent packets entering the DSL card through a specified
  interface from being forwarded. You may want to set up filtering on input to
  protect against address spoofing. Use the IP Network screen
  (Configuration → Interfaces → IP Network) to specify whether or not you want
  to use an input filter.
- An output filter to prevent packets from going out of the DSL card through a
  specified interface. Use the IP Network screen
  (Configuration → Interfaces → IP Network) to specify whether or not you want
  to use an output filter.
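
The first-match, stateless evaluation described under "What is a Filter?", applied to an input filter that guards against address spoofing. This is an added example, not HotWire code or configuration syntax. The rule fields, the subscriber range 192.0.2.0/28 and the default action taken when no rule matches are assumptions made for illustration.

```python
# Added example (not HotWire code): stateless, first-match IP filter evaluation.
# Rule fields, names and addresses below are assumptions for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

FORWARD, DISCARD = "forward", "discard"

@dataclass(frozen=True)
class Rule:
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    action: str   # FORWARD or DISCARD

    def matches(self, pkt_src: str, pkt_dst: str) -> bool:
        return (ip_address(pkt_src) in ip_network(self.src)
                and ip_address(pkt_dst) in ip_network(self.dst))

def apply_filter(rules, pkt_src, pkt_dst, default=DISCARD):
    """Apply rules in order; the first match decides. No state is kept
    between packets. `default` (used when nothing matches) is an assumption."""
    for rule in rules:
        if rule.matches(pkt_src, pkt_dst):
            return rule.action
    return default

# Constructed input filter for a subscriber-facing interface: the subscriber
# is assumed to own 192.0.2.0/28, so any other source address is spoofed.
ANY = "0.0.0.0/0"
INPUT_FILTER = [
    Rule("192.0.2.0/28", ANY, FORWARD),   # legitimate subscriber sources
    Rule(ANY, ANY, DISCARD),              # everything else: spoofed source
]

# Rule order matters: with the catch-all first, the specific rule is never reached.
MISORDERED = list(reversed(INPUT_FILTER))

def demo():
    packets = [("192.0.2.5", "198.51.100.10"),    # valid source
               ("203.0.113.9", "198.51.100.10"),  # source outside subscriber range
               ("192.0.2.20", "198.51.100.10")]   # just outside the /28
    return [(s, apply_filter(INPUT_FILTER, s, d)) for s, d in packets]

if __name__ == "__main__":
    for src, verdict in demo():
        print(f"{src:<14} -> {verdict}")
```

Because the first matching rule decides, MISORDERED discards every packet, including those from the legitimate subscriber range.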