Security 14-7
A filtering rule
The criteria are based on information contained in the packets. A filter is simply a rule that prescribes certain
actions based on certain conditions. For example, the following rule qualifies as a filter:
Block all Telnet attempts that originate from the remote host 199.211.211.17.
This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match
occurs, the packet is blocked.
Here is what this rule looks like when implemented as a filter on the Netopia R7200:
To understand this particular filter, look at the parts of a filter.
Parts of a filter
A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the
following attributes:
■ The source IP address (where the packet was sent from)
■ The destination IP address (where the packet is going)
■ The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP
Port numbers
A filter can also match a packet’s port number attributes, but only if the filter’s protocol type is set to TCP or
UDP, since only those protocols use port numbers. The filter can be configured to match the following:
■ The source port number (the port on the sending host that originated the packet)
■ The destination port number (the port on the receiving host that the packet is destined for)
By matching on a port number, a filter can be applied to selected TCP or UDP services, such as Telnet, FTP, and
World Wide Web. The following tables show a few common services and their associated port numbers:
Internet service TCP port Internet service TCP port
FTP 20/21 Finger 79
Telnet 23 World Wide Web 80
SMTP (mail) 25 News 144
Gopher 70 rlogin 513
+-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+
+--------------------------------------------------------------------+
| 1 199.211.211.17 0.0.0.0 TCP 23 Yes No |
+--------------------------------------------------------------------+