Creating Filters 4-3
■ If you do not specify a protocol section in the filter file, no filtering will occur
and packets of that protocol type will be accepted.
■ If you specify a protocol section but do not define any rules, an error will occur.
To comment out the protocol section, you must place a pound (#) sign before the
section header and before all rules defined in the section.
Protocol Rules Protocol rules determine which packets may and may not access the network. The
rule syntax is:
<line #> <verb> <keyword> <operator> <value>
The line # range is 1-998. This means you can combine up to 998 rules to create a
filter for a specific protocol. Additionally, line number 999 is used for the DENY
verb.
The combination of keyword, operator, and value forms the condition which
(when combined with the verb) determines whether a packet is accepted or
rejected.
When a packet is filtered, the bridge parses each rule defined in the protocol
section sequentially according to the line number. Filtering is performed based on
the first match that occurs. If there is no match, by default the packet is accepted.
For this reason, you should order your protocol rules so that the rules you expect
to be most frequently matched are in the beginning of the section. This reduces
the amount of parsing time that occurs during filtering. The following table
describes each field used in the rule syntax:
Table 4-1 Protocol Rules
Field Description
line # Each rule must have a unique line number from 1-998 plus 999 for the DENY
verb. You must arrange rules in increasing order.
Verb This field can be one of the following:
ACCEPT - Allow the packet access if the condition is met (use with DENY verb to
indicate reject all other packets).
REJECT - Do not allow the packet access if the condition is met.
AND - Logically use the AND condition with condition of the next rule to
determine if the packet is accepted or rejected. Both defined conditions must be
met.
Keyword The keywords for all protocol, descriptions, corresponding operators and values.
Operator Describes the relationship between the keyword and its value. The operator field
must be one of the following:
= Equal
!= Not equal
> Greater than
< Less than
>= Greater or Equal
<= Less or Equal
=> Generic
Value Contains an entity that is appropriate for the keyword.