Filter
Top Products
1-14 October 22, 1999 SP Switch Router Adapter Guide - 1.4 Update 2
Introduction to the SP Switch Router Adapter card
Assigning filters
Assigning filters
The SP Switch Router Adapter card supports IP packet filtering. You can apply filters to the
receive and/or transmit path of a logical interface as described in the “IP Packet Filtering”
chapter of the GRF Configuration and Management manual.
The filter configuration file is /etc/filterd.conf. The maint 50 – 58 commands report
statistics and information for filters assigned to the receive side of the card. The maint 150 –
158 commands report on transmit side filters.
The “IP Packet Filtering” chapter describes the entries in /etc/filterd.conf and tells you
how to design several types of filters. The binding statement in /etc/filterd.conf is where
you assign a filter you have created to a particular logical interface on a specific media card.
This statement has two variables that are media card specific,
media and vlif.
In a binding statement, media is the type of media card and vlif is the logical interface
number to which the filter is assigned. For the SP Switch Router Adapter card, media is
always dev1 and the vlif is always 0 since the card has a single interface.
Here is a binding statement for an SP Switch Router Adapter card in slot 5, gt050 (the card is
connected to node 8 on an SP switch):
media dev1 5 {
#
the filter named “no_host_22” blocks all packets from remote host 192.168.22.22
bind no_host_22_22 {
vlif 0; # this is the switch node 8 interface
direction out; # outbound traffic to node 8
action filter;
}
}
Here are the supported media names:
atm (OC-3c)
dev1
ether
fddi
hssi
hippi
sonet
(OC-3c)
Please refer to the “IP Packet Filtering” chapter of the GRF Configuration and Management
manual for configuration information and examples.
tcpdump
Filtering supports the standard UNIX tcpdump utility that enables you to examine the data
crossing an SP Switch Router Adapter interface. A tcpdump “listen” command for interface
gt030 is:
# tcpdump -i gt030