Filter
Top Products
6-54 CHAPTER 6: MANUAL SETUP
IPX:
1 ACCEPT src-socket = 0x001;
999 DENY;
IPX RIP Packet Filtering Using CLI
Routing Information Protocol (RIP) packets are used to identify all attached
networks as well as the number of router hops required to reach them. The
responses are used to update a router's routing table.
You define IPX RIP packet filtering rules in the IPX-RIP protocol section of the filter
file. You can filter IPX RIP packets by network only.
The following rule example filters the route specified by the IPX network address
00-03-55-BF:
IPX-RIP:
1 REJECT network = 00-03-55-BF;
IPX SAP Packet Filtering Using CLI
SAP packets are used to identify the services and addresses of servers attached to
the network. The responses are used to update a table in the router known as the
Server Information Table.
You define IPX SAP packet filtering rules in the IPX-SAP protocol section of the
filter file. You can filter SAP packets by network, node, server, service-type, and
socket.
The following rule example accepts SAP services from the server name sales_1,
with a socket number is less than 32:
IPX-SAP:
1 AND server = sales_1;
2 ACCEPT socket < 32;
999 DENY;
Bridge / Generic Filtering Using CLI
The rules in this filter file section are setup to allow bridging of only IP and IPX
packets (assuming that all traffic is being bridged and that the IPX protocol is using
Ethernet_II framing). To stop traffic in both directions, you can apply the filter as
an input_filter on both the Ethernet and the WAN or User Profile interfaces.
However, to improve efficiency over the WAN interface, it would be better to have
the same type of filter applied on the equipment at the other side of the WAN to
keep non-IP and IPX traffic off the WAN completely.
BR-ETH:
# Allow IP traffic
1 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0800;
# Allow ARP traffic
2 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0806;
# Allow IPX traffic