Security 15-9
Greater Than or Equal: For the filter to match, the packet’s port number must be greater than or equal to the
port number specified in the filter.
Other filter attributes
There are three other attributes to each filter:
■ The filter’s order (i.e., priority) in the filter set
■ Whether the filter is currently active
■ Whether the filter is set to pass (forward) packets or to block (discard) packets
Putting the parts together
When you display a filter set, its filters are displayed as rows in a table:
The table’s columns correspond to each filter’s attributes:
#: The filter’s priority in the set. Filter number 1, with the highest priority, is first in the table.
Source IP Addr: The packet source IP address to match.
Dest IP Addr: The packet destination IP address to match.
Proto: The protocol to match. This can be entered as a number (see the table below) or as TCP or UDP if using
those protocols.
Protocol Number to use Full name
N/A 0 Ignores protocol type
ICMP 1 Internet Control Message Protocol
TCP 6 Transmission Control Protocol
+-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+
+----------------------------------------------------------------------+
| 1 192.211.211.17 0.0.0.0 TCP 0 23 Yes No |
| 2 0.0.0.0 0.0.0.0 TCP NC =6000 Yes No |
| 3 0.0.0.0 0.0.0.0 ICMP -- -- Yes Yes |
| 4 0.0.0.0 0.0.0.0 TCP NC >1023 Yes Yes |
| 5 0.0.0.0 0.0.0.0 UDP NC >1023 Yes Yes |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
+----------------------------------------------------------------------+