Lucent Technologies PortMaster Network Router User Manual


 
Overview of PortMaster Filtering
9-4 PortMaster Configuration Guide
A maximum of 256 filter rules per filter is allowed for the PortMaster 3 and IRX. For
other PortMaster products, the maximum number of filter rules allowed is 100. The
PortMaster generates an error message when the number of filter rules exceeds the
limit.
How Filters Work
IP and IPX packet filters are attached to users, locations, Ethernet interfaces, or network
hardwired ports as either input or output filters. SAP filters are attached as output filters
only. The Ethernet interface filter is enabled as soon as the name of the input or output
filter is set.
Input and output are defined relative to the PortMaster interface. As shown in
Figure 9-1, an input filter is used on packets entering the PortMaster and an output
filter is used on packets exiting the PortMaster.
Figure 9-1. Input and Output Filters
All packets entering a PortMaster through an interface with an input filter are evaluated
against the rules in the filter. As soon as a packet matches a rule, the action specified by
that rule is taken. If no rules match the specific packet, the packet is denied and is
discarded. Whenever an IP packet is discarded, the PortMaster generates an “ICMP Host
Unreachable” message back to the originator.
For interfaces with output filters attached, all packets exiting the interface are evaluated
against the filter rules and only those packets permitted by the filter are allowed to exit
the interface.
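The first-match and no-match-means-deny behavior described above makes rule order significant. The following Python model is an added example, not code from the manual or from ComOS. It evaluates a packet against an ordered rule list and flags rules that an earlier rule makes unreachable. The `Rule` shape, the function names, and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape for this model, not ComOS filter syntax
    action: str  # "permit" or "deny"
    src: str     # source network, CIDR
    dst: str     # destination network, CIDR

def rule_limit(product):
    """Per-filter rule limit stated in the manual."""
    return 256 if product in ("PortMaster 3", "IRX") else 100

def evaluate(rules, src, dst):
    """Return (action, matching rule number or None, ICMP Host Unreachable sent)."""
    for number, rule in enumerate(rules, start=1):
        if ip_address(src) in ip_network(rule.src) and ip_address(dst) in ip_network(rule.dst):
            # First match wins; rules after this one are never consulted.
            return rule.action, number, rule.action == "deny"
    # No rule matched: the packet is denied and discarded.
    return "deny", None, True

def shadowed(rules):
    """List (later, earlier) rule numbers where the earlier rule always matches
    first and takes a different action, so the later rule never takes effect."""
    hits = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            covers = (ip_network(later.src).subnet_of(ip_network(earlier.src))
                      and ip_network(later.dst).subnet_of(ip_network(earlier.dst)))
            if covers and earlier.action != later.action:
                hits.append((j + 1, i + 1))
                break
    return hits

# Constructed sample filters using documentation address ranges.
MISORDERED = [Rule("permit", "0.0.0.0/0", "192.0.2.0/24"),
              Rule("deny", "203.0.113.0/24", "192.0.2.0/24")]
ORDERED = list(reversed(MISORDERED))

if __name__ == "__main__":
    for name, flt in (("misordered", MISORDERED), ("ordered", ORDERED)):
        assert len(flt) <= rule_limit("PortMaster 3")
        print(name, evaluate(flt, "203.0.113.7", "192.0.2.10"), "shadowed:", shadowed(flt))
```

In the misordered filter the broad permit matches first, so the deny for 203.0.113.0/24 never applies. Placing the narrower deny first restores the intended behavior.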
[Figure 9-1 diagram labels: PortMaster; Ethernet interface; Serial interface; Input filter; Output filter; Packets in from network users; Packets out to network users; Packets in from branch office; Packets out to branch office]