USER’S GUIDE234 CyberSWITCHFILTER C OMPOSITIONThe IP filtering mechanism is composed of three fundamental building blocks:Packet TypesThe criteria for describing an IP datagram’s contents: IP Source and Destination Addresses,Protocol (TCP, UDP, etc.), Protocol-specific fields (TCP port, etc.). For example, Packet Typescan be set up to specify such things as: “all packets arriving from IP Subnetwork X”, “Telnetpackets destined for host Y”, or “All RIP packets”. Packet Types are independently defined andmay be referenced by multiple filters.• ConditionsA Packet Type combined with an Action to take when a datagram matches that type. TheActions are DISCARD or FORWARD.• FilterAn ordered list of Conditions. When an IP datagram passes through a filter, a sequential passis made through the individual conditions. The first complete match of a Packet Type dictatesthe action which is applied to the datagram. When the action is DISCARD, the datagram isdropped. The filter also contains a configurable Final Condition which specifies the action totake if no match is found.TYPES OF FILTERSForwarding FiltersA Forwarding Filter is a filter which forwards or discards specific packets according to whetherthese packets fulfill a list of defined conditions.Forwarding Filters may be applied to packets in oneof the following ways:• Globally: independent of the packet’s input or output path.• through the Input Network Interface: applies the filter only to packets arriving on a specificattached network.IP PacketDiscard Type 1Forward Type 4Discard Type 3FILTERDiscard All Other TypesConditionsFinalConditionPacket Types:Type 1: www,www,wwwType 2: xxx,xxx,xxxType 3: yyy,yyyType 4: zzz,zzzAction:Discard/Forward