Filter
Top Products
Prestige 2602HW Series User’s Guide
298 Chapter 31 Filter Configuration
Figure 178 Executing an IP Filter
31.4.2 Generic Filter Rule
This section shows you how to configure a generic filter rule. The purpose of generic rules is
to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP packet. You
specify the portion of the packet to check with the Offset (from 0) and the Length fields, both
in bytes. The Prestige applies the Mask (bit-wise ANDing) to the data portion before
comparing the result against the Value to determine a match. The Mask and Value fields are
specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a
byte, so if the length is 4, the value in either field will take 8 digits, for example, FFFFFFFF.
Packet
into IP Filter
Matched
Matched
Yes
Action Matched
Action Not Matched
More?
No
Filter Active?
Check
IP Protocol
Drop
Drop Packet Accept Packet
Drop Forward
Check Next Rule
Check Next Rule
Check Next Rule
Forward
Not Matched
Yes
No
Check Src
IP Addr
Apply SrcAddrMask
to Src Addr
Matched
Check Dest
IP Addr
Apply DestAddrMask
to Dest Addr
Not Matched
Not Matched
Check Src &
Dest Port
Matched
Not Matched