Page 161 / 351
Firewall Tutorial
Source IP Address = 199.211.211.17
Source IP address mask = 255.255.255.255
Destination IP Address = 0.0.0.0
Destination IP address mask = 0.0.0.0
Using the tables on page 158, find the destination port and protocol numbers (the local Telnet port):
Protocol = TCP (or 6)
Destination Port = 23
The filter should be enabled and instructed to block the Telnet packets containing the source address shown in step 2:
Forward = unchecked
This four-step process is how we produced the following filter from the original rule:
Filtering example #2
Suppose a filter is configured to block all incoming IP packets with the source IP address of 200.233.14.0, regardless of the type of connection or its destination. The filter would look like this:
This filter blocks any packets coming from a remote network with the IP network address 200.233.14.0. The 0 at the end of the address signifies any host on the class C IP network 200.233.14.0. If, for example, the filter is applied to a packet with the source IP address 200.233.14.5, it will block it.
In this case, the mask must be set to 255.255.255.0. This way, all packets with a source address of 200.233.14.x will be matched correctly, no matter what the final address byte is.
Note: The protocol attribute for this filter is Any by default. This tells the filter to ignore the IP protocol or type of IP packet.
Design guidelines
Careful thought must go into designing a new filter set. You should consider the following guidelines:
Be sure the filter set’s overall purpose is clear from the beginning. A vague purpose can lead to a faulty set, and that can actually make your network less secure.
Be sure each individual filter’s purpose is clear.
Determine how filter priority will affect the set’s actions. Test the set (on paper) by determining how the filters would respond to a number of different hypothetical packets.
Consider the combined effect of the filters. If every filter in a set fails to match on a particular packet, the packet is:
  Forwarded if all the filters are configured to discard (not forward)
  Discarded if all the filters are configured to forward
  Discarded if the set contains a combination of forward and discard filters
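The following is an added example (not code from the tutorial or the gateway) that tests a filter set "on paper" as the guidelines suggest: it applies the address/mask, protocol and port matching from filtering examples #1 and #2 and the no-match rule listed above. The Filter class, the packet dictionary layout and the sample packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP = 6  # protocol number from the tutorial's tables; None stands for "Any"

@dataclass
class Filter:
    src: str = "0.0.0.0"
    src_mask: str = "0.0.0.0"
    dst: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"
    protocol: Optional[int] = None   # None == "Any": ignore the IP protocol
    dst_port: Optional[int] = None   # None == any destination port
    forward: bool = False            # Forward unchecked == discard on match

def addr_matches(addr: str, pattern: str, mask: str) -> bool:
    """Compare only the address bits selected by the mask (mask 0.0.0.0 matches all)."""
    a = int(ipaddress.IPv4Address(addr))
    p = int(ipaddress.IPv4Address(pattern))
    m = int(ipaddress.IPv4Address(mask))
    return (a & m) == (p & m)

def filter_matches(f: Filter, pkt: dict) -> bool:
    """pkt is a constructed header summary: src, dst, protocol, dst_port."""
    if not addr_matches(pkt["src"], f.src, f.src_mask):
        return False
    if not addr_matches(pkt["dst"], f.dst, f.dst_mask):
        return False
    if f.protocol is not None and pkt["protocol"] != f.protocol:
        return False
    if f.dst_port is not None and pkt.get("dst_port") != f.dst_port:
        return False
    return True

def evaluate(filters: list, pkt: dict) -> bool:
    """Return True if the packet is forwarded, False if it is discarded.
    Filters are tried in priority order; the first match decides."""
    for f in filters:
        if filter_matches(f, pkt):
            return f.forward
    # No filter matched: forwarded only when every filter is a discard filter;
    # an all-forward set or a mix of forward and discard filters discards it.
    return all(not f.forward for f in filters)

# The two filters built in filtering examples #1 and #2 (values from the page).
BLOCK_TELNET_FROM_HOST = Filter(src="199.211.211.17", src_mask="255.255.255.255",
                                protocol=TCP, dst_port=23)
BLOCK_CLASS_C_NET = Filter(src="200.233.14.0", src_mask="255.255.255.0")
```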
An approach to using filters
The ultimate goal of network security is to prevent unauthorized access to the network without compromising authorized access. Using filter sets is part of reaching that goal.
Each filter set you design will be based on one of the following approaches:
That which is not expressly prohibited is permitted.
That which is not expressly permitted is prohibited.
It is strongly recommended that you take the latter, and safer, approach to all of your filter set designs.
Working with IP Filters and Filter Sets
To work with filters and filter sets, begin by accessing the filter set pages.
NOTE: Make sure you understand how filters work before attempting to use them. Read the section “Packet Filter” on page 154.
The procedure for creating and maintaining filter sets is as follows:
1. Add a new filter set. See “Adding a filter set”, below.
2. Create the filters for the new filter set. See “Adding filters to a filter set” on page 165.
3. Associate the filter set with either the LAN or WAN interface. See “Associating a Filter Set with an Interface” on page 171.
The sections below explain how to execute these steps.
Adding a filter set
You can create up to eight different custom filter sets. Each filter set can contain up to 16
output filters and up to 16 input filters. There can be a maximum of 32 filter rules in the
system.
To add a new filter set, click the Add button in the Filter Sets page. The Add Filter Set page appears.
Enter a new name for the filter set, for example Filter Set 1.
To save the filter set, click the Submit button. The saved filter set is empty (contains no filters), but you can return to it later to add filters (see “Adding filters to a filter set”).
NOTE: As you begin to build a filter set, and as you add filters, after your first entry the Alert icon will appear in the upper right corner of the web page. It will remain until all of your changes are entered and validated. You need not immediately restart the Gateway until your filter set is complete. See “Associating a Filter Set with an Interface” on page 171.
Adding filters to a filter set
There are two kinds of filters you can add to a filter set: input and output. Input filters
check packets received from the Internet, destined for your network. Output filters check
packets transmitted from your network to the Internet.