A SERVICE OF

logo

Open as PDF
next previous
6-34 CHAPTER 6: MANUAL SETUP
IPX SAP Packet Filtering Using CLI
SAP packets are used to identify the services and addresses of servers attached to
the network. The responses are used to update a table in the router known as the
Server Information Table.
You define IPX SAP packet filtering rules in the IPX-SAP protocol section of the
filter file. You can filter SAP packets by network, node, server, service-type, and
socket.
The following rule example accepts SAP services from the server name sales_1,
with a socket number is less than 32:
IPX-SAP:
1 AND server = sales_1;
2ACCEPTsocket<32;
999 DENY;
Bridge / Generic Filtering Using CLI
The rules in this filter file section are setup to allow bridging of only IP and IPX
packets (assuming that all traffic is being bridged and that the IPX protocol is using
Ethernet_II framing). To stop traffic in both directions, you can apply the filter as
an input_filter on both the Ethernet and the WAN or User Profile interfaces.
However, to improve efficiency over the WAN interface, it would be better to have
the same type of filter applied on the equipment at the other side of the WAN to
keep non-IP and IPX traffic off the WAN completely.
BR-ETH:
# Allow IP traffic
1 ACCEPT
generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0800;
# Allow ARP traffic
2 ACCEPT
generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0806;
# Allow IPX traffic
3 ACCEPT
generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8136;
4 ACCEPT
generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8137;
999 DENY;
Step by Step Guide to
Creating Filter Files
Using CLI
You can create filter files using any text editor. Once the file is created, use the
Trivial File Transfer Protocol (TFTP) to place the filter file in the router FLASH
memory.
To create a filter file using CLI:
1 Open a new text file. Enter the file descriptor on the first line: #filter
2 Enter a file section header followed by a colon for the protocol rules you want to
define. For example, if you want to define IP filtering rules, enter the following
section header: IP: