3Com OfficeConnect 3C100XF Cli User's Manual - page 224
27-14 CHAPTER 27: PACKET FILTERS
IP RIP Packet Filtering
RIP packets are used to identify all attached networks as well as the number of
router hops required to reach them. These responses are used to update a router’s
table. If the OfficeConnect Gateway is listening for or broadcasting RIP messages,
you should allow them to pass in the appropriate direction(s). You define IP RIP
filtering rules in the IP-RIP protocol section of the filter file.
For example, if you want to filter all routes except the one specified by the IP
network address 195.120.254.145, you would create the following filter rule:
#filter
IP-RIP:
010 ACCEPT network = 195.120.254.145;
030 DENY;
This filter only allows the route 195.120.254.145 into the route table. All other
routes are rejected.
Spurious RIP messages can disrupt your routing tables. If you are listening for RIP
messages on a given interface, you may wish to consider filtering out RIP updates
from untrusted networks.
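The effect of the rule above on an incoming RIP update can be modelled offline. This is an added example, not code from the manual or from 3Com: it assumes rules are checked in ascending rule-number order with the first match deciding, that `network = ...` is an exact address match, and that an update matching no rule is dropped; the function names and the sample update are constructed for illustration.

```python
import re

# Filter text exactly as shown in the manual's IP-RIP example.
FILTER_TEXT = """\
#filter
IP-RIP:
010 ACCEPT network = 195.120.254.145;
030 DENY;
"""

RULE_RE = re.compile(
    r"^(\d+)\s+(ACCEPT|DENY)(?:\s+network\s*=\s*([\d.]+))?\s*;$"
)

def parse_ip_rip(text):
    """Return [(rule_no, action, network_or_None)] from the IP-RIP section."""
    rules, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#filter":
            continue
        if line.endswith(":"):              # section header such as "IP-RIP:"
            in_section = (line == "IP-RIP:")
            continue
        if in_section:
            m = RULE_RE.match(line)
            if not m:
                raise ValueError(f"unrecognised rule: {line!r}")
            rules.append((int(m.group(1)), m.group(2), m.group(3)))
    return sorted(rules, key=lambda r: r[0])

def decide(rules, advertised_network):
    """First matching rule decides (assumed evaluation order)."""
    for _no, action, network in rules:
        if network is None or network == advertised_network:
            return action
    return "DENY"   # assumed fail-closed default when no rule matches

def filter_update(rules, routes):
    """Keep only the (network, metric) entries the filter accepts."""
    return [(n, m) for n, m in routes if decide(rules, n) == "ACCEPT"]

# Constructed RIP update: the expected route plus two spurious ones.
SAMPLE_UPDATE = [("195.120.254.145", 2), ("10.0.0.0", 1), ("0.0.0.0", 1)]

if __name__ == "__main__":
    rules = parse_ip_rip(FILTER_TEXT)
    for net, metric in SAMPLE_UPDATE:
        print(f"{net:<16} metric={metric} -> {decide(rules, net)}")
```

Only the 195.120.254.145 entry survives; the spurious default route (0.0.0.0) and the other advertisement never reach the route table.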
ICMP Packet Filtering
Internet Control Message Protocol (ICMP) packets contain messages exchanged by
IP modules in both hosts and gateways to report errors, problems and operating
information. ICMP message types are shown below. Note that most are error
messages necessary for the correct operation of TCP/IP.
Table 27-4
TCP     UDP     Description
517     517     talk (terminal to terminal chat)
518     518     ntalk (new terminal chat)
-       520     RIP
540     540     uucp (UNIX to UNIX copy)
540     540     uucp-rlogin
543     543     klogin (Kerberized login)
1642    -       PortMux daemon
-       1645    RADIUS security
-       1646    RADIUS accounting
Table 27-5
Type    Description
0       Echo Reply (Ping)
3       Destination Unreachable
4       Source Quench
5       Redirect (change route)
8       Echo Request (Ping)
11      Time Exceeded for a Datagram
12      Parameter Problem for a Datagram