Security 8-89
The following example further illustrates filter rule chaining, different-sized masks and the use of the full 8 bytes of
the Value field.
Create a filter set designed to block telnet access from a given external node (the example below uses
176.163.52.18) to a given internal node (176.163.107.254).
The filter rule summary (input) should look like this:
■ Filter #1 checks that the IHL has a size of 5. This is a useful security check: it verifies that a potential hacker has
not padded the packet with IP options, which would shift the bytes examined by the following filter rules
further into the packet.
■ Filter #2 checks that the incoming packet is IP.
■ Filter #3 checks that the packet is using TCP.
■ Filter #4 simultaneously checks that the source IP address is 176.163.52.18 (= B0A33412 in hex) and that the
destination IP address is 176.163.107.254 (= B0A3B0FE in hex).
■ Filter #5 checks that the TCP port is telnet (= 23 decimal = 17 hex).
Note: This filter set is presented only to illustrate how Generic filtering works. You are strongly advised to
use IP filters, rather than Generic filters, to block IP-only traffic.
+-#----Value-------------Mask--------------Offst-Compare--Chain---On?-Fwd-+
+-------------------------------------------------------------------------+
| 1 0500000000000000 0F00000000000000 14 = No Yes No |
| 2 0800000000000000 FFFF000000000000 12 = Yes Yes |
| 3 0600000000000000 FF00000000000000 23 = Yes Yes |
| 4 B0A33412B0A3B0FE FFFFFFFFFFFFFFFF 26 = Yes Yes |
| 5 0017000000000000 FFFF000000000000 36 = No Yes No |
| |
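As an added example (not from the manual or the router's own software), the following Python model evaluates the five chained rules above the way the text describes them: each rule ANDs the 8 bytes found at its Offst (counted from the start of the Ethernet frame) with Mask and compares the result with Value; chained rules must all match, and the last rule's Fwd flag decides. Rule #4's Value is built from the two dotted-quad addresses rather than typed in hex. The helper names, the sample frame and the chain-break semantics (a packet that fails any rule of the chain is forwarded) are assumptions made here.

```python
import socket
import struct

# Offsets count from the start of the Ethernet frame, as in the table above.
# chain=True means "on match, continue with the next rule"; the last rule of a
# chain carries the forward decision. (Hypothetical helper, not a vendor API.)
def make_rule(value_hex, mask_hex, offset, chain, forward=None):
    return {"value": bytes.fromhex(value_hex), "mask": bytes.fromhex(mask_hex),
            "offset": offset, "chain": chain, "forward": forward}

def ip_pair_hex(src, dst):
    """8-byte Value for rule #4: source address followed by destination address."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)).hex()

RULES = [
    make_rule("0500000000000000", "0F00000000000000", 14, chain=True),   # 1: IHL == 5
    make_rule("0800000000000000", "FFFF000000000000", 12, chain=True),   # 2: EtherType IP
    make_rule("0600000000000000", "FF00000000000000", 23, chain=True),   # 3: protocol TCP
    make_rule(ip_pair_hex("176.163.52.18", "176.163.107.254"),
              "FFFFFFFFFFFFFFFF", 26, chain=True),                       # 4: src + dst IP
    make_rule("0017000000000000", "FFFF000000000000", 36, chain=False,
              forward=False),                                            # 5: TCP port 23
]

def rule_matches(rule, frame):
    window = frame[rule["offset"]:rule["offset"] + 8].ljust(8, b"\x00")
    masked = bytes(w & m for w, m in zip(window, rule["mask"]))
    return masked == rule["value"]

def first_mismatch(frame, rules=RULES):
    """1-based number of the first rule that fails, or None if the whole chain matches."""
    for number, rule in enumerate(rules, start=1):
        if not rule_matches(rule, frame):
            return number
    return None

def forward(frame, rules=RULES):
    """Assumed semantics: the packet is forwarded unless every rule of the chain
    matches, in which case the last rule's Fwd flag decides."""
    return True if first_mismatch(frame, rules) is not None else rules[-1]["forward"]

def build_frame(src, dst, dport, ip_options=b""):
    """Constructed sample frame: Ethernet + IPv4 header (+ options) + TCP header."""
    ihl = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 4 * ihl + 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + ip_options
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp
```

`first_mismatch` shows where a chain breaks: a frame padded with 4 bytes of IP options fails at rule #1 instead of letting rules #4 and #5 compare the wrong bytes.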