IP Filter Configuration window 210
Models 2616RC, 3096RC & 3196RC Admin Reference Guide 13 • IP Filtering
Direction (filterIpDirection)
Specifies the direction of the filter (that is, whether it applies to data packets inbound or outbound from the
access server). The filter only applies to dial in users, users on other interfaces (that is, Ethernet, Frame Relay,
and so on) are not affected. The following options are available:
• inactive(0)—Disables filter operation
• inbound(1)—Relates to packets coming into the access server
• outbound(2)—Relates to packets leaving the access server
• both(3)—Specifies both inbound and outbound operation
Note
Enabling or disabling filters that are applied to dial-in users who are
currently online will immediately change those users’ ability to send or
receive packets, depending on the changes that are made to the filters.
Action (filterIpAction)
Specifies the action to take on a packet whether to block or pass the packet. The following options are available:
• pass(0)—If pass is selected, checking will continue on to other filters until either a match occurs, a block
occurs, or there are no more filters remaining to check.
Note
If there are any applied PASS filters, then at least one of them must
match or the packet will be dropped.
• block(1)—If a filter has block set and the filter matches the block, the packet is discarded and no further
processing is done.
• wrap(2)—All packets received on the specified dialup link will be encapsulated in an extra IP header as
defined in RFC2003. The destination IP address of the wrapper is given by the destination IP setting in the
filter. The source IP address of the wrapper is the Ethernet address of the remote access server.
All wrap filters are inbound only.
Note
Block filters take priority, therefore any applied and matching block
filters will drop the packet. Next, pass filters are examined, if PASS fil-
ters have been defined, then at least one of them must match or else
the packet will be dropped. After the block and pass filters are exam-
ined, the WRAP filter, if it exists, will be applied.
Source IP
Applies the filter action based on the results of the stated comparison to the IP address and subnet mask.
Comparison (filterIpSourceAddressCmp)
• equal(0)—apply the action of the filter if the Source IP equals the IP address/subnet mask combination
supplied
• notEqual(1)—apply the action of the filter if the Source IP does not equal the IP address/subnet mask com-
bination supplied