Creating Filters
9-6 PortMaster Configuration Guide
Creating IP Filters
You can create a rule that filters IP packets according to their source and destination IP
addresses. For more information on the command syntax for creating filters, see the
PortMaster Command Line Reference.
To create an IP filter rule that filters by address, use the following command—entered on one line:
Command> set filter Filtername RuleNumber permit|deny [Ipaddress/NM Ipaddress(dest)/NM] [protocol Number] [log] [notify]
You can replace protocol Number with one of the following keywords:
• esp—matches packets using Encapsulation Security Payload (ESP) protocol. See
RFC 1827 for more information on this protocol.
• ah—matches packets using Authentication Header (AH) protocol. See RFC 1826 for
more information on this protocol.
• ipip—matches packets using IP Encapsulation within IP (IPIP). See RFC 2003 for more information on this protocol.
If you are using ChoiceNet, you can also replace either the source or destination IP address with the value =ListName, which specifies a list of sites in the /etc/choicenet/lists directory on the ChoiceNet server. The equal sign (=) must immediately precede the value.
Filtering ICMP Packets
Internet Control Message Protocol (ICMP) packets—commonly known as ping
packets—report errors and provide other information about IP packet processing. You
can filter ICMP packets by source and destination IP address, or by ICMP packet type.
Packet types are identified in RFC 1700.
To create an ICMP filter rule, use the following command—entered on one line:
Command> set filter Filtername RuleNumber permit|deny [Ipaddress/NM Ipaddress(dest)/NM] icmp [type Itype] [log]
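The following Python script is an added example, not PortMaster code or part of this guide. It parses rules written in the two set filter forms shown above (the address/protocol form and the icmp form) and evaluates constructed sample packets against them, so you can see which rule a packet hits before committing a filter to a router. It assumes, as stated in its comments, that rules are tested in RuleNumber order, that the first matching rule decides, and that a packet matching no rule is denied; the filter name inet.in, the addresses, and the ChoiceNet list named badsites are all constructed for the example, and the protocol numbers for esp, ah, ipip and icmp are the IANA assignments.

```python
"""Simulator for the 'set filter' rule syntax quoted above (added example).

Assumptions (not taken from the guide): rules are tested in RuleNumber
order, the first matching rule decides, and a packet that matches no rule
is denied.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Protocol keywords accepted by the syntax above, mapped to the IANA protocol
# numbers they stand for (icmp=1, ipip=4, esp=50, ah=51).
PROTOCOL_KEYWORDS = {"icmp": 1, "ipip": 4, "esp": 50, "ah": 51}

# Constructed stand-in for ChoiceNet lists under /etc/choicenet/lists:
# list name -> networks in it (the real list file format is not modelled).
CHOICENET_LISTS: Dict[str, List[str]] = {
    "badsites": ["203.0.113.0/24", "198.51.100.7/32"],
}


@dataclass
class Rule:
    filter_name: str
    number: int
    action: str                       # "permit" or "deny"
    src: Optional[str] = None         # "a.b.c.d/NM" or "=ListName"; None = any
    dst: Optional[str] = None
    protocol: Optional[int] = None    # None = any protocol
    icmp_type: Optional[int] = None   # only meaningful when protocol == 1
    log: bool = False
    notify: bool = False


@dataclass
class Packet:
    src: str
    dst: str
    protocol: int
    icmp_type: Optional[int] = None


def _is_address(tok: str) -> bool:
    return tok.startswith("=") or "/" in tok


def parse_rule(line: str) -> Rule:
    """Parse one 'set filter Filtername RuleNumber permit|deny ...' command."""
    tokens = line.split()
    if tokens[:2] != ["set", "filter"] or tokens[4] not in ("permit", "deny"):
        raise ValueError(f"not a filter rule: {line!r}")
    rule = Rule(filter_name=tokens[2], number=int(tokens[3]), action=tokens[4])
    rest = tokens[5:]
    # The address pair is optional; either both halves are given or neither.
    if len(rest) >= 2 and _is_address(rest[0]) and _is_address(rest[1]):
        rule.src, rule.dst = rest[0], rest[1]
        rest = rest[2:]
    while rest:
        tok = rest.pop(0)
        if tok == "icmp":
            rule.protocol = 1
            if rest and rest[0] == "type":
                rest.pop(0)
                rule.icmp_type = int(rest.pop(0))
        elif tok == "protocol":
            value = rest.pop(0)
            rule.protocol = PROTOCOL_KEYWORDS[value] if value in PROTOCOL_KEYWORDS else int(value)
        elif tok == "log":
            rule.log = True
        elif tok == "notify":
            rule.notify = True
        else:
            raise ValueError(f"unexpected token {tok!r} in {line!r}")
    return rule


def _address_matches(spec: Optional[str], addr: str) -> bool:
    if spec is None:
        return True
    ip = ipaddress.ip_address(addr)
    # "=ListName" refers to a ChoiceNet list; anything else is address/NM.
    nets = CHOICENET_LISTS[spec[1:]] if spec.startswith("=") else [spec]
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if not _address_matches(rule.src, pkt.src) or not _address_matches(rule.dst, pkt.dst):
        return False
    if rule.protocol is not None and rule.protocol != pkt.protocol:
        return False
    if rule.icmp_type is not None and rule.icmp_type != pkt.icmp_type:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, number of the deciding rule); None = implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, pkt):
            return rule.action, rule.number
    return "deny", None


# Constructed filter for an inbound interface: permit ESP and AH from one
# IPsec peer, block and log a ChoiceNet list, permit ICMP echo replies
# (type 0) into one subnet, and log every other ICMP packet before denying it.
FILTER_TEXT = """
set filter inet.in 1 permit 192.0.2.10/32 198.51.100.1/32 protocol esp
set filter inet.in 2 permit 192.0.2.10/32 198.51.100.1/32 protocol ah
set filter inet.in 3 deny =badsites 0.0.0.0/0 log notify
set filter inet.in 4 permit 0.0.0.0/0 198.51.100.0/24 icmp type 0
set filter inet.in 5 deny 0.0.0.0/0 0.0.0.0/0 icmp log
"""
RULES = [parse_rule(l) for l in FILTER_TEXT.strip().splitlines()]


def decide(src: str, dst: str, protocol: int, icmp_type: Optional[int] = None):
    return evaluate(RULES, Packet(src, dst, protocol, icmp_type))


if __name__ == "__main__":
    for pkt in [("192.0.2.10", "198.51.100.1", 50, None),
                ("203.0.113.5", "198.51.100.1", 1, 8),
                ("192.0.2.99", "198.51.100.20", 1, 8)]:
        print(pkt, "->", decide(*pkt))
```

Running the script prints the deciding rule for each constructed packet; note that the echo request from 192.0.2.99 is caught by rule 5 rather than rule 4 because the type keyword restricts rule 4 to ICMP type 0, and that the ESP packet to a destination other than 198.51.100.1 matches nothing and falls through to the assumed implicit deny.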