Filter
Top Products
Defining Static Filters
Defining IP filters
MAX 6000/3000 Network Configuration Guide 15-17
Configure the second input filter, setting Type to IP and setting Forward to Yes. This allows
inbound TCP packets in response to a local user’s outbound Telnet request, by specifying that
TCP packets whose destination port number is greater than that of the source port are
forwarded. (Telnet requests go out on port 23, and responses come back on some random port
above port 1023.)
Input filters...
In filter=02
Type=IP
Valid=Yes
IP....
Forward=Yes
Protocol=6
Dst Port Comp=Gtr
Dst Port #=1023
Next, configure the third input filter, setting Type to IP Filter and setting Forward to Yes. This
allows inbound RIP updates, by specifying that inbound UDP packets are forwarded if the
destination port number is higher than that of the source port. (For example, suppose a RIP
packet goes out as a UDP packet to destination port 520. The response to this request goes to a
random destination port above port 1023.)
Input filters...
In filter=03
Type=IP
Valid=Yes
IP....
Forward=Yes
Protocol=17
Dst Port Comp=Gtr
Dst Port #=1023
Configure the fourth input filter, setting Type to IP filter and setting Forward to Yes. The fourth
filter uses all default values, which allows unrestricted Pings and Traceroutes. Unlike TCP and
UDP, ICMP does not use ports so a port comparison is unnecessary.
Input filters...
In filter=04
Type=IP
Valid=Yes
IP....
Forward=Yes
Following are comparable RADIUS filter definitions:
Ascend-Data Filter="ip in forward dstip 10.9.250.5/32 dstport=80 proto
6"
Ascend-Data Filter="ip in forward dstport > 1023 proto 6"
Ascend-Data Filter="ip in forward dstport > 1023 proto 6"
Ascend-Data Filter="ip in forward"