Novell Documentation: Novell BorderManager 3.8 - Configuring the Packet Forwarding Filter

Configuring the Packet Forwarding Filter

Figure 14
Packet Forwarding Filter Configuration

This page helps you to set the properties of the selected filter type:

Status: Choose between Disabling or Enabling the selected filters. If Filtering Support has been enabled in inetcfg.nlm for this protocol, altering the status will cause configured filters to immediately become active (Enabled) or inactive (Disabled).

Action: Choose between Denying and Permitting packets on the filter list. Specify the action taken when a packet matches a filter in the Filter List. If the filters in the Exception List overlap with the filters in the Filters List, the Exception List is used.

Select the list of Filters to be Configured: Select the list of filters to be configured; choose between the Filter List or the Exception List.

Filter List: Displays all configured filters. You can add new filters, or delete or modify existing filters. The data packets that match any filter are either permitted or denied depending on the setting of the Action parameter. Data packets that match any filter in the Exceptions List are not filtered, even if they match a filter in the Filters List.

Exception List: Displays the exceptions to the filters defined in the Filters List, and allows you to specify additional exceptions. Exception filters take priority over filters in the Filter List. If a packet does not match an exception filter, it is checked against the Filters List. The packet is filtered if it matches any filter.

From the BorderManager Filter Configuration page in iManager, select Configure Packet Forwarding Filter from the list of tasks
Select Filter List or Exception List and click Next to configure filters in that list.
Select or change properties for the filters, then click Done to save changes to the status or action of this filter type and return to the filter configuration menu.
Click Cancel to discard changes to the status or action and return to the filter configuration menu.

Figure 15
Packet Forwarding Filter Configuration - Packets Denied

This page gives you a summary of packet forwarding filters.

You can add new filters, or delete or modify existing filters. The data packets that match any filter are either permitted or denied depending on the setting of the Action parameter. Data packets that match any filter in the Exceptions List are not filtered, even if they match a filter in the Filters List.

Click Done to return to the beginning of Packet Forwarding Filter configuration.

Click Cancel to return to the filter configuration menu.

Figure 16
Packet Forwarding Filter Configuration - Add or Modify

This page helps you to add or modify your filter properties.

Name: Gives you the name of the packet filter. This is the name of the filter object that would be created in Novell eDirectory.

Service Type: Defines the service type to be filtered. Click the button to view a list of defined TCP/IP service types. You can select an entry for the filter being edited. If you want to add or modify or delete user-defined service types, go to the Configure Service Type option on the configuration menu. See Configuration Menu.

Comment: Specify a short comment in this field, to save in the database along with the other entries in the form.is

Logging: Choose to enable or disable this option.

Enable: The header of the packet that matches the options in the filters or exceptions are logged as long as the global logging status and the filters/exception logging status are enabled. The Log file is a Btrieve database file (csaudit.log) located at sys:\etc\logs\ippktlog directory.
Disable: Packets that match the options in filters or exceptions are not logged. Data logging slows down the server's performance and you should turn it on for a short time only. The local logging status can be enabled or disabled from the filter/exception definition menu.

Specify a name in the Name dialog box, then click Next.

If you have modified the settings, click Done to save changes to the filter and return to the Packet Forwarding Filter Summary.

Click Cancel to discard any changes to the filter and return to the Packet Forwarding Filter Summary.

Figure 17
Packet Forwarding Filter Configuration - Type of Information

This page helps you to alter the source information for the filter.

Source Interface Type: Select the source interface type of the TCP/IP packet forwarding filter. The available source types are Interface and Interface Group.

Source Interface: Select a source interface.

Source Circuit: Specify the information about the circuit to be configured. The source circuit is valid only if the source interface is of WAN media type. The default source circuit value is All Circuits.

Source Address Type: Select the Source Address Type of the TCP/IP packet forwarding filter. The available source types are Network, Host, or Any Address.

Source IP Address: Gives the IP address of your network or host.

Source Subnet Mask: Gives the subnetwork mask of your network.

Click Next.

Figure 18
Packet Forwarding Filter Configuration - Information

This page helps you to alter the destination information for the filter.

Destination Interface Type: Select the destination interface type of the TCP/IP packet forwarding filter. The available source types are Interface and Interface Group.

Destination Interface: Select the destination interface.

Destination Circuit: Specify the information about the circuit to be configured. The destination circuit is valid only if the destination interface is of WAN media type. The default destination circuit value is All Circuits.

Destination Address Type: Select the Destination Address Type of the TCP/IP packet forwarding filter. The available types are Network, Host, Multicast, or Any Address.

Destination IP Address: Gives the Network, Host or Multicast address.

Destination Subnetwork Mask: Gives the subnetwork mask of your network.

Click Done.