Echo EN55022 Network Router User Manual


 
Echo LANlink Router Option User Manual Issue 1.0 04 December 1997 Page 37 of 59
4.7.2 IP FILTER (WAN or Ethernet)
Both the Ethernet and WAN ports on the router can have an individual IP
filter table. If IP filtering is active then any packets received are checked
against the filter table before processing by the Router.
Each port IP filter table can have 64 entries. When the first entries are made
they will not become active until the table screen is exited. Any future input
will become active immediately.
The filter table is sequentially searched for each IP packet received until a
match is found. A filter table with multiple entries will impose significant
processor loading and a corresponding drop in throughput.
The filter table is split into three parts. The first part is source and destination
IP address. The second part is protocol selection, and the third port or socket
selection for TCP and UDP packets. Each section supports the use 'wild card'
entries to allow any value to be matched e.g. to pass only TCP packets the
user 'wild cards' the both source and destination IP address, and the port
numbers.
Each line in the filter table can be configured as a pass or fail. The normal
operation would be to put a number of entries in the filter table that would
pass if a match occurs. By default the last entry in the filter table must be a
failure, however it is possible to use the filter table in a reverse fashion and
define each line so that a match results in failure. The last entry would have
wild card entries for all three sections and results in a pass
.
MENU SELECTION DESCRIPTION
ADD A new entry may be added to the end
of the Table or after an entry
EDIT To edit an entry, selecting the
relevant line number entering
required amendments.
DELETE Enter the line number to delete.
CLEAR To delete the entire table.
NAME Define a name for this filter table
LIST PARAMETER DESCRIPTION
LINE Line number of Filter Table entry to
be amended/deleted
SRC ADDR The source address for IP packets to
be filtered. A network address,
individual IP address or ALL may be
specified.