Lucent Technologies PortMaster Network Router User Manual
Example Filters
9-12 PortMaster Configuration Guide
The rules for the input filter are as follows:
Command> set filter internet.in 1 permit 0.0.0.0/0 192.168.0.1/32 tcp src eq 20 dst gt 1023
Command> set filter internet.in 2 permit 0.0.0.0/0 192.168.0.1/32 tcp src eq 21 estab
Command> set filter internet.in 3 permit 0.0.0.0/0 172.16.0.2/32 tcp dst eq 21
Command> set filter internet.in 4 permit 0.0.0.0/0 172.16.0.2/32 tcp src gt 1023 dst eq 20 estab
The rules for the output filter are as follows:
Command> set filter internet.out 1 permit 192.168.0.1/32 0.0.0.0/0 tcp dst eq 21
Command> set filter internet.out 2 permit 192.168.0.1/32 0.0.0.0/0 tcp src gt 1023 dst eq 20 estab
Command> set filter internet.out 3 permit 172.16.0.2/32 0.0.0.0/0 tcp src eq 20 dst gt 1023
Command> set filter internet.out 4 permit 172.16.0.2/32 0.0.0.0/0 tcp src eq 21 dst gt 1023 estab
If you want to allow any internal host to make outgoing FTP connections, replace 192.168.0.1/32 with 0.0.0.0/0 or with your network_number/24. Take appropriate precautions to reduce the risk this configuration creates.
Rule to Permit DNS into Your Local Network
If the DNS name server for your domain is outside your local network, you should add
the following rule to your input filter:
Command> set filter filtername RuleNumber permit udp src eq 53
This rule permits DNS replies into your local network.
Rule to Listen to RIP Information
To permit incoming RIP packets, add the following rule to your input filter:
Command> set filter filtername RuleNumber permit 172.16.0.0/32 192.168.0.0/32 udp dst eq 520
In the above example, 172.16.0.0/32 is the other end of the Internet connection and
192.168.0.0/32 is the local address of the connection.
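As an added example (not code from the PortMaster guide), the following Python models how the input filter from this section is evaluated: it parses the rule syntax shown above, applies first-match semantics with an implicit deny when no rule matches, and treats the estab keyword as matching only TCP segments that carry the ACK bit. The rule numbers 5 and 6 given to the DNS and RIP rules, the Packet model, and the packet addresses used to exercise it are constructed assumptions.

```python
import ipaddress
from collections import namedtuple
Packet = namedtuple("Packet", "src dst proto sport dport ack", defaults=(False,))  # ack: TCP ACK bit set (constructed model)

def parse_rule(line):
    """Parse 'set filter NAME N permit|deny [SRC DST] PROTO [src eq|gt N] [dst eq|gt N] [estab]'."""
    tok = line.replace("Command>", "").split()
    if tok[:2] != ["set", "filter"]:
        raise ValueError("not a filter rule: " + line)
    rule = {"name": tok[2], "num": int(tok[3]), "action": tok[4], "src_port": None, "dst_port": None,
            "estab": False, "src": ipaddress.ip_network("0.0.0.0/0"), "dst": ipaddress.ip_network("0.0.0.0/0")}
    rest = tok[5:]
    if "/" in rest[0]:  # optional source and destination address/mask pair; default is any address
        rule["src"], rule["dst"], rest = ipaddress.ip_network(rest[0]), ipaddress.ip_network(rest[1]), rest[2:]
    rule["proto"], rest = rest[0], rest[1:]
    while rest:
        if rest[0] in ("src", "dst") and rest[1] in ("eq", "gt"):
            rule[rest[0] + "_port"], rest = (rest[1], int(rest[2])), rest[3:]
        elif rest[0] == "estab":
            rule["estab"], rest = True, rest[1:]
        else:
            raise ValueError("unsupported keyword: " + rest[0])
    return rule

def matches(rule, p):
    src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
    if p.proto != rule["proto"] or src not in rule["src"] or dst not in rule["dst"]:
        return False
    for key, port in (("src_port", p.sport), ("dst_port", p.dport)):
        if rule[key] is not None:
            op, n = rule[key]
            if (op == "eq" and port != n) or (op == "gt" and port <= n):
                return False
    return p.ack or not rule["estab"]  # "estab" rules only match ACK-bearing segments

def evaluate(rules, p):
    """First matching rule (in rule-number order) decides; no match is an implicit deny."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if matches(r, p):
            return r["action"], r["num"]
    return "deny", None

# The page's internet.in rules plus its DNS and RIP rules, given constructed rule numbers 5 and 6.
INTERNET_IN = [parse_rule(l) for l in """
set filter internet.in 1 permit 0.0.0.0/0 192.168.0.1/32 tcp src eq 20 dst gt 1023
set filter internet.in 2 permit 0.0.0.0/0 192.168.0.1/32 tcp src eq 21 estab
set filter internet.in 3 permit 0.0.0.0/0 172.16.0.2/32 tcp dst eq 21
set filter internet.in 4 permit 0.0.0.0/0 172.16.0.2/32 tcp src gt 1023 dst eq 20 estab
set filter internet.in 5 permit udp src eq 53
set filter internet.in 6 permit 172.16.0.0/32 192.168.0.0/32 udp dst eq 520
""".splitlines() if l.strip()]
```

Running packets through evaluate() shows why the text warns about risk: rule 1 admits a connection from port 20 of any outside host to any port above 1023 on 192.168.0.1, not only the data channel of an FTP session the client opened.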