Netopia R7200 Manual de usuario descargar pdf (Pagina 181)

Security 14-31

and a packet goes through these rules destined for FTP, the packet would forward through the ﬁrst rule (WWW),

go through the second rule (FTP), and match this rule; the packet is allowed through.

If you had this ﬁlter set for example....

Allow WWW access;

Allow FTP access;

Deny FTP access;

Deny all other packets.

and a packet goes through these rules destined for FTP, the packet would forward through the ﬁrst ﬁlter rule

(WWW), match the second rule (FTP), and the packet is allowed through. Even though the next rule is to deny all

FTP trafﬁc, the FTP packet will never make it to this rule.

Binary representation

It is easiest when doing ﬁltering to convert the IP address and mask in question to binary. This will allow you to

perform the logical AND to determine whether a packet matches a ﬁlter rule.

Logical AND function

When a packet is compared (in most cases) a logical AND function is performed. First the IP addresses and

subnet masks are converted to binary and then combined with AND. The rules for the logical use of AND are as

follows:

0 AND 0 = 0

0 AND 1 = 0

1 AND 0 = 0

1 AND 1 = 1

For example:

Filter rule:

Deny

IP: 163.176.1.15BINARY: 10100011.10110000.00000001.00001111

Mask: 255.255.255.255BINARY:11111111.11111111.11111111.11111111

Incoming Packet:

IP 163.176.1.15BINARY: 10100011.10110000.00000001.00001111

If you put the incoming packet and subnet mask together with AND, the result is:

10100011.10110000.00000001.00001111

which matches the IP address in the ﬁlter rule and the packet is denied.

1 2 ... 176 177 178 179 180 181 182 183 184 185 186 ... 257 258

Sin comentarios

Netopia R7200 Manual de usuario Pagina 181