As an example of how access based on packet filtering can be
configured, consider the approach taken in Cisco(tm) routers.
An access list is used to define permisible packet flows through
the router. The general form of an access list entry is:
{ permit | deny } address [mask]
The entries have meaning thus:
permit | deny
indicates whether this entry allows or blocks traffic from the
specified address.
address
gives the source IP address.
mask
this (optional) field is interpreted as a "bitmap" which
defines the significance of each bit in the preceding address
field. Every bit in the mask which has a "1" value indicates a
"don't care" bit in the address, whereas every "0" bit indicates a
bit in the address which must match exactly.
The access list for each interface can have many entries of the
above form.
In addition, an access list can be specified to restrict either
incoming or outgoing packets on the particular interface.