Support User Manuals

3Com ADSL Modem Ethernet Modem User Manual

Open as PDF

of 74

4-4 CHAPTER 4: FILTERING CAPABILITIES

The OR operation can be implemented by successive rules. For example, to accept

a packet if the source address is xxx, or the destination address is yyy, the

following rules are used:

BR-ETH:

1 ACCEPT src-addr=00-20-69-00-00-01;

2 ACCEPT dst-addr=00-20-69-00-00-02;

999 DENY;

The following table describes the keywords for the bridge protocol section and

their legal operators used in the rule syntax. (xx is a hex number).

Generic Filter Rule The syntax for generic filters is slightly different than that for other protocol filters:

<line #> <verb> GENERIC => ORIGIN = FRAME/OFFSET = <# of bytes>/

LENGTH = <# of bytes>/MASK = < 0x Mask>/VALUE = <0x value>

■ ORIGIN - The location in the packet to start the offset count. This is at byte 0

(FRAME).

■ OFFSET - The number of bytes from the origin to skip before comparing the

value to the packet contents.

■ LENGTH - The number of bytes in the packet to compare to the value.

■ MASK - The mask to logically "and" with the packet contents before

comparing with the value (hex).

■ VALUE - The value (hex) to compare to the packet contents.

For example, a generic bridge filter to prevent all IP packets from being bridged is:

BR-ETH:

1 reject

generic=>origin=frame/offset=12/length=2/mask=0xFFFF/value=0x0800;

Step by Step Guide to

Creating Filter Files

This section presents a step-by-step guide for creating and applying filters. These

steps assume that the filter file is created on a remote workstation and then

transferred to FLASH memory using TFTP. If you use the CLI create text command

to create the filter file, you can omit steps 9 and 10.

To create a filter file:

1 Open a new text file. Enter the file descriptor on the first line: #filter

2 Enter the section header followed by a colon for the protocol rules you want to

define. For example: BR-ETH:

3 You can comment a section header out by placing a # sign before the section

header. This is useful if you want to insert a placeholder for a protocol section you

Table 4-2 Protocol Keywords

ProtocolSection Keyword Operators Description and Value Range

BR-ETH src-addr

dst-addr

generic

=, !=

=, !=

=

Source MAC address (xx-xx-xx-xx-xx-xx)

Destination MAC address (xx-xx-xx-xx-xx-xx)

Generic filter

previous next