Echo EN55022 Network Router User Manual


 
Echo LANlink Router Option User Manual Issue 1.0 04 December 1997 Page 52 of 59
APPENDIX G IP FILTER EXAMPLES
If IP filtering is active then all packets received are checked against the filter
table before processing by the Router. Packets are also compared to the IP
Filter Table when the IP Filter is set to Bridge.
The IP Filter can have 32 lines or entries. An entry does not initially become
active until the user exits the menu. Future amendments are acted upon
immediately after entry.
Note that the filter table is searched sequentially for every IP packet
received until a match is found. A filter table with many entries can
impose significant processor loading and leads to increased latency.
The filter table is made up of three elements:
1. Source and destination IP address.
2. Protocol selection.
3. Port or socket selection for TCP and UDP packets.
Each section supports a ‘wildcard’ for a match; for example, to pass only TCP
packets you would wildcard the source and destination IP addresses and
wildcard the port numbers.
Each line in the filter table can be configured to PASS or FAIL. By default this
value is FAIL. Normal operation would put a number of entries in the filter
table that would pass packets if a match occurs. It is possible to use the
reverse and define each line so that a match results in failure. You could then
enter a last line with wildcards in all three sections to pass.
G.1 Source and Destination IP Address
Each filter table entry consists of an IP address and a mask. The IP address
in the packet is combined with the mask and compared with the entry in the
table. If the result matches then processing continues along the line. If the
result fails then the same operation is performed against the next line entry.
Masks are displayed in hexadecimal format for ease of bit identification.
Values can be entered in the normal decimal dot notation or as a single hex
number, e.g. 255.128.0.0 or FF800000. Any value or order of bits can be
entered as the mask, so the mask bits need not be contiguous: FFCF0040 is a
valid mask.
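
As an added illustration (not part of the Echo manual or the router's firmware), the following Python model reproduces the sequential first-match search and the masked address comparison described above, including the non-contiguous mask FFCF0040. It assumes that "combined with the mask" means a bitwise AND, that an all-zero mask acts as the address wildcard, that a packet matching no line is dropped, and that one port field is compared; the table contents, addresses and function names are constructed for the example.

```python
import ipaddress

WILD = None  # wildcard for the protocol and port fields (hypothetical marker)

def parse_u32(text):
    """Accept dotted decimal (255.128.0.0) or a single hex number (FF800000)."""
    if "." in text:
        return int(ipaddress.IPv4Address(text))
    return int(text, 16)

def entry(action, src="0.0.0.0", src_mask="0", dst="0.0.0.0", dst_mask="0",
          proto=WILD, port=WILD):
    # Assumption: an all-zero mask is how an address is wildcarded.
    return {"action": action,
            "src": parse_u32(src), "src_mask": parse_u32(src_mask),
            "dst": parse_u32(dst), "dst_mask": parse_u32(dst_mask),
            "proto": proto, "port": port}

def addr_match(packet_addr, value, mask):
    # Assumption: "combined with the mask" means a bitwise AND.
    return (parse_u32(packet_addr) & mask) == (value & mask)

def evaluate(table, src, dst, proto, port=None):
    """Search sequentially; return (action, line number) of the first match."""
    for n, e in enumerate(table[:32], start=1):  # the table holds 32 entries
        if (addr_match(src, e["src"], e["src_mask"])
                and addr_match(dst, e["dst"], e["dst_mask"])
                and e["proto"] in (WILD, proto)
                and e["port"] in (WILD, port)):
            return e["action"], n
    return "FAIL", None  # assumption: a packet matching no line is dropped

# Constructed table: line 1 fails one subnet, line 2 passes TCP from sources
# selected by the non-contiguous mask FFCF0040, line 3 passes UDP port 53.
TABLE = [
    entry("FAIL", src="10.1.2.0", src_mask="255.255.255.0"),
    entry("PASS", src="10.1.0.64", src_mask="FFCF0040", proto="tcp"),
    entry("PASS", dst="192.168.1.0", dst_mask="FFFFFF00", proto="udp", port=53),
]

if __name__ == "__main__":
    for pkt in [("10.1.2.70", "192.168.1.5", "tcp", 80),    # also fits line 2
                ("10.17.9.65", "192.168.1.5", "tcp", 80),
                ("10.1.0.1", "192.168.1.5", "udp", 53),
                ("172.16.0.1", "192.168.1.5", "tcp", 23)]:
        print(pkt, "->", evaluate(TABLE, *pkt))
```

The first sample packet also satisfies line 2, but line 1 is reached first, so the order of entries decides the outcome; a broad PASS line placed above a narrower FAIL line would shadow it.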