
Packet Filtering Configuration

As an example of how access based on packet filtering can be configured, consider the approach taken in Cisco(tm) routers.
 
An access list is used to define permissible packet flows through the router. The general form of an access list entry is:

    { permit | deny } address [mask]

The fields have the following meaning:
 
permit | deny
indicates whether this entry allows or blocks traffic from the specified address.
address
gives the source IP address.
mask
this optional field is interpreted as a "bitmap" (a wildcard mask) which defines the significance of each bit in the preceding address field. Every bit in the mask with a "1" value marks a "don't care" bit in the address, whereas every "0" bit marks a bit in the address which must match the packet's source address exactly. If the mask is omitted, every address bit must match, so the entry applies to a single host.

 
The access list for each interface can have many entries of the above form.
 
In addition, an access list can be specified to restrict either incoming or outgoing packets on the particular interface.
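The following is an added worked example, not part of the original page and not Cisco's code, showing how entries of the form above are matched against a packet's source address: a wildcard-mask match, first-match evaluation over an ordered list, and a small check for entries that an earlier entry makes unreachable. The sample access list is constructed for illustration; the implicit "deny" applied to anything no entry matches is documented Cisco behaviour that this page does not mention.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

# Constructed sample access list in the "{ permit | deny } address [mask]" form.
# Entry order matters: the router takes the first entry that matches.
SAMPLE_ACL = [
    "deny 192.168.1.13",              # no mask: every bit must match (one host)
    "permit 192.168.1.0 0.0.0.255",   # last octet is "don't care": the whole /24
    "permit 10.0.0.0 0.255.255.255",  # 10.0.0.0/8
]


def parse_entry(line):
    """Parse one entry into (action, address_int, mask_int).

    A missing mask is treated as 0.0.0.0, i.e. every address bit is significant.
    """
    parts = line.split()
    if len(parts) not in (2, 3) or parts[0] not in ("permit", "deny"):
        raise ValueError(f"malformed entry: {line!r}")
    action = parts[0]
    address = int(ipaddress.IPv4Address(parts[1]))
    mask = int(ipaddress.IPv4Address(parts[2])) if len(parts) == 3 else 0
    return action, address, mask


def entry_matches(entry, src_ip):
    """True if src_ip matches the entry: every '0' bit of the mask must agree."""
    _, address, mask = entry
    care = ALL_ONES & ~mask  # bits that must match exactly
    return (int(ipaddress.IPv4Address(src_ip)) & care) == (address & care)


def evaluate(acl_lines, src_ip):
    """Return 'permit' or 'deny' for a packet whose source address is src_ip."""
    for line in acl_lines:
        entry = parse_entry(line)
        if entry_matches(entry, src_ip):
            return entry[0]
    # Nothing matched: real Cisco access lists end with an implicit deny
    # (documented Cisco behaviour, assumed here; not stated on the page).
    return "deny"


def shadowed_entries(acl_lines):
    """Indices of entries that can never match because an earlier entry covers them.

    Entry B is covered by earlier entry A when A's don't-care bits include all of
    B's, and the two addresses agree on every bit A cares about. Such an entry is
    a sign of a misordered list (e.g. a host deny placed after a network permit).
    """
    entries = [parse_entry(line) for line in acl_lines]
    shadowed = []
    for j, (_, addr_b, mask_b) in enumerate(entries):
        for _, addr_a, mask_a in entries[:j]:
            care_a = ALL_ONES & ~mask_a
            if (mask_b & ~mask_a & ALL_ONES) == 0 and (addr_a & care_a) == (addr_b & care_a):
                shadowed.append(j)
                break
    return shadowed


if __name__ == "__main__":
    for ip in ("192.168.1.13", "192.168.1.77", "10.45.2.1", "172.16.0.1"):
        print(ip, "->", evaluate(SAMPLE_ACL, ip))
    # Swapping the first two entries makes the host deny unreachable.
    print("shadowed:", shadowed_entries([SAMPLE_ACL[1], SAMPLE_ACL[0]]))
```

Because evaluation stops at the first match, the host "deny" in the sample must precede the network "permit" that also covers it; the shadowing check flags the reversed order, where the deny would never take effect.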
 

