Filter
Top Products
8-12 Packet Filters
TCP UDP Description
518 518 ntalk (new terminal chat)
- 520 RIP
540 540 uucp (UNIX to UNIX copy)
540 540 uucp-rlogin
543 543 klogin (Kerberized login)
1642 - PortMux daemon
- 1645 RADIUS security
- 1646 RADIUS accounting
Filtering RIP messages
If the NETServer is listening for or broadcasting RIP messages,
you should permit them (UDP dst eq 520) to pass in the appro-
priate direction(s).
Note that spurious RIP messages can disrupt your routing
tables. If you are listening for RIP messages on a given interface,
you may wish to consider filtering out RIP updates from
untrusted networks.
FTP Packet Filtering
FTP is one of the most difficult protocols to permit while still
protecting your network. The input and output filters must
permit two separate bi-directional connections, one initiated by
the client and one initiated by the host. However, they should
still be able to provide as much protection from outside attack-
ers as possible. To write such a filter, we’ll go through the FTP
process and write the appropriate lines as we go.
In the example below, we will permit all users on the local class
C network, 192.77.203.0 to initiate an FTP connection to any
other host on the Internet. However, incoming FTPs will be
denied.
Step 1 - Create two filters
Since we will be filtering both incoming and outgoing packets,
we must create two filters.
add filter ftp.in
add filter ftp.out