The Novell® Internet Access Server 4.1 routing software supports filtering to control the service and route information that is accepted or advertised by a router. Filters are useful when you want to limit specific types of traffic to certain parts of your network and when you want to provide a certain level of security. You use FILTCFG to configure the filters for the Internetwork Packet ExchangeTM (IPXTM) protocol, IP, AppleTalk, and the source route bridge to selectively discard packets sent or received by a router. The following types of filters are supported:
Packet forwarding ---Prevents selected data packets from being forwarded by the router. Packet forwarding filtering is available for IPX and TCP/IP.
Service information ---Limits the services added to the service information (SAP) tables of specified routers. Service information filtering is available for IPX and AppleTalk.
Routing information ---Limits the routes added to the routing tables of specified routers. Routing information (RIP) filtering is available for IPX, AppleTalk, and TCP/IP.
OSPF ---Controls the propagation of routing information from non-OSPF domains (RIP, EGP, and so on) to the OSPF domain.
EGP ---Defines the routes that a router can share with other EGP peers.
Protocol ID and ring number ---Filters packets of certain protocol types received by the bridge (Protocol ID filter), and filters packets received from specific rings on a token ring network (ring number filter). Both types of filters are only available for source route bridge.
Table 1 lists the protocol suites and the filter types that you can configure for each with FILTCFG.
Table 1. Filter Types and Protocol Suites
Protocol Suite | Packet Forwarding Filters | Service Filters | Route Filters | Bridge Filters |
---|---|---|---|---|
IPX |
X |
X |
X |
|
AppleTalk |
|
X |
X |
|
TCP/IP |
X |
|
X |
|
Bridging |
|
|
|
X |