3Com 3C840 Network Router User Manual


 
12-6
C
HAPTER
12: C
ONFIGURING
F
ILTERS
Example: To prevent seven individual PCs on the LAN from accessing a
remote site, create the following two filters:
Filter for Packets: Going to Remote Site Vienna
Filter Name: Block PCs 1-6 Protocol: IP Enabled: Yes
Discard Packet if IP Source Address is Equal to 192.168.200.41
or if IP Source Address is Equal to 192.168.200.50
or if IP Source Address is Equal to 192.168.200.66
or if IP Source Address is Equal to 192.168.200.42
or if IP Source Address is Equal to 192.168.200.88
or if IP Source Address is Equal to 192.168.200.90
Filter Name: Block PC 7 Protocol: IP Enabled: Yes
Discard Packet if IP Source Address is Equal to 192.168.200.102
The filters BLOCK PCs 1-6 and BLOCK PC 7 both use the IP protocol and
the same action, “Discard Packet if...”
Therefore, when they are applied, they are “or”ed together. The resultant
filtering is the same as you would get if you were allowed to create a
single filter that contained all seven conditions.
OfficeConnect
Remote 840 Manager
Filter Screens
The OfficeConnect Remote 840 Manager (HTML) filter screens provide an
easy to use menu system for specifying the direction/location of the
traffic to be checked and for creating and editing filter conditions. The
filter screens are set up to allow you to create sentences that describe the
filter action. For example, a filter that prevents IPX packets from Jan and
Bob's PCs from being sent to Remote Site Vienna would look something
like this:
Filter for Packets: Going to Remote Site Vienna
Filter Name: Block Jan and Bob
Discard Packet if IPX Source Node is Equal to 00-20-69-00-23-99
or if IPX Source Node is Equal to 00-20-69-11-45-88
The sentence is built up over a number of screens. Most filters can be
easily created by selecting from the provided condition sentences. Each
sentence has pull down boxes for selecting condition keywords (IP
Destination Address / IP Source Address, etc.) and condition operations (is
Equal to / is Not Equal to, etc.) Where appropriate, the additional
flexibility of generic filters is available. With generic filters, you specify an
offset into the packet and the hex value to compare the packet content
840ug.book Page 6 Friday, July 7, 2000 2:23 PM