3Com OfficeConnect 3C100XF Cli User's Manual - page 222
27-12 CHAPTER 27: PACKET FILTERS
The following filter file example would prevent forwarding of IP packets with
destination addresses that match the first 24 bits of the given IP address (that is,
addresses beginning with 188.039.150):
#filter
IP:
010 REJECT dst-addr = 188.039.150.000/24;
The following filter file rule example would allow forwarding of IP packets with
source address 192.077.100.032 and destination address 201.128.011.034:
#filter
IP:
010 AND src-addr = 192.077.100.032;
020 ACCEPT dst-addr = 201.128.011.034;
Masks
These fields specify the number of bits to be used in the source address and
destination address comparisons. Valid values are 0, 8, 16, 24 and 32; each is
described in the list at the end of this page.
The masks are separated from source address and destination address by forward
slashes (/).
TCP and UDP Parameter Filtering
TCP and UDP packets are typically sent from and destined for standard port
numbers that provide common network services, such as Domain Name Service
(DNS), Simple Network Management Protocol (SNMP), and TELNET. You can filter
TCP and UDP packets by source and destination ports by defining filter rules that
compare the port number in a TCP or UDP packet with a specific value.
The following filter file rule example would accept only TCP packets that have a
source port number of 24 or greater:
#filter
IP:
010 ACCEPT tcp-src-port >= 24;
020 DENY;
The following filter file rule example would accept only TCP packets with a
destination port in the range of 24-39:
#filter
IP:
010 AND tcp-dst-port>23;
020 ACCEPT tcp-dst-port < 40;
030 DENY;
Mask  Meaning
0     Match all packets with any IP address. The contents of source address
      or destination address fields are unimportant.
8     Compare the first byte (octet) in the IP address.
16    Compare only the first two bytes of the IP addresses.
24    Compare only the first three bytes of the IP addresses.
32    Match the entire IP address. (Default)
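
The sketch below is an added example, not taken from the 3Com manual or the router's firmware. It evaluates the rule syntax shown on this page so that a filter file can be checked against sample packets before it is loaded. Assumptions: rules run in numeric order and the first full match decides, AND carries its condition into the next rule, DENY drops like REJECT, an unmatched packet is forwarded, rule 020 of the port-range example reads "< 40" (inferred from the stated range 24-39), and packets are plain dicts keyed by the rule field names.

```python
import ipaddress
import operator
import re

OPS = {"=": operator.eq, ">=": operator.ge, "<=": operator.le,
       ">": operator.gt, "<": operator.lt}
RULE = re.compile(r"(\d+)\s+(AND|ACCEPT|REJECT|DENY)\s*"
                  r"(?:([\w-]+)\s*(>=|<=|=|>|<)\s*([\d./]+))?\s*;")

def parse(text):
    """Return (action, field, op, value) tuples ordered by rule number."""
    found = [(int(n), a, f, o, v) for n, a, f, o, v in RULE.findall(text)]
    return [rule[1:] for rule in sorted(found)]

def matches(field, op, value, pkt):
    if not field:                       # bare "DENY;" has no condition
        return True
    if field not in pkt:                # e.g. a TCP port test on a UDP packet
        return False
    if field.endswith("-addr"):
        addr, _, mask = value.partition("/")
        # The manual zero-pads octets (188.039.150.000); read them as decimal.
        addr = ".".join(str(int(octet)) for octet in addr.split("."))
        # A missing mask means 32, the default given in the mask list.
        net = ipaddress.ip_network(f"{addr}/{mask or 32}", strict=False)
        return ipaddress.ip_address(pkt[field]) in net
    return OPS[op](pkt[field], int(value))

def forwarded(rules, pkt, default=True):
    """True if the packet is forwarded. default=True is an assumption."""
    chain = True
    for action, field, op, value in rules:
        chain = chain and matches(field, op, value, pkt)
        if action == "AND":             # carry the result into the next rule
            continue
        if chain:
            return action == "ACCEPT"   # REJECT and DENY both drop
        chain = True                    # no match: start a fresh chain
    return default

# Constructed inputs based on the manual's examples.
BLOCK_NET = parse("#filter\nIP:\n010 REJECT dst-addr = 188.039.150.000/24;")
PORT_RANGE = parse("#filter\nIP:\n010 AND tcp-dst-port>23;\n"
                   "020 ACCEPT tcp-dst-port < 40;\n030 DENY;")

if __name__ == "__main__":
    for port in (23, 24, 39, 40):
        print(port, forwarded(PORT_RANGE, {"tcp-dst-port": port}))
    print(forwarded(BLOCK_NET, {"dst-addr": "188.39.150.77"}))
```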