3Com OfficeConnect 3C100XF Cli User's Manual - Ip F
26
IP F
ILTERS
C
OMMANDS
Overview
This section describes the IP Filters commands accessible from the CLI. IP filters are
used in IP networks that cross organizational or corporate boundaries. They
control inter-network data transmission by accepting or rejecting passage of
specific packets through network interfaces based on information in the packet
header.
IP filtering provides a form of tunnel access control. IP filters can also be used with
LAN and PVC interfaces.
IP Filter
Components
Each IP filter consists of:
A default action to take when an IP packet does not match any of the rules
specified for the IP filter.
A set of rules that determine which IP packets may access a network interface.
Before an IP packet is transmitted onto a network interface, IP filtering analyzes
the packet header information using the set of rules added to the filter specified
for the interface. Based on the rules, the packet is either accepted or discarded.
IP filtering is performed based on the first matching rule that is found. IP filtering
searches for a matching rule in rule number order. For this reason, you should
order your rules so that the rules you expect to be matched most often have the
lowest rule numbers. This will reduce the time spent in IP filtering.
Refer to the
Packet Filters
chapter for more information on filters, including
sample filter files.
CLI Commands
The following table identifies the IP Filters commands described in this chapter.
Command
Type
Command Name
Add
add ip filter
default_action
[accept | reject]
add ip rule
Delete
delete ip filter
delete ip rule
filter
List
list ip filters