Security 7-13Src. Port: The source port to match. This is the port on the sendinghost that originated the packet.D. Port: The destination port to match. This is the port on thereceiving host for which the packet is intended.On?: Displays Yes when the filter is in effect or No when it is not.Fwd: Shows whether the filter forwards (Yes) a packet or discards(No) it when there’s a match.Filtering example #1Returning to our filtering rule example from above (see page 7-9),look at how a rule is translated into a filter. Start with the rule, thenfill in the filter’s attributes:1. The rule you want to implement as a filter is:Block all Telnet attempts that originate from the remote host199.211.211.17.2. The host 199.211.211.17 is the source of the Telnet packetsyou want to block, while the destination address is any IPaddress. How these IP addresses are masked determines whatthe final match will be, although the mask is not displayed inthe table that displays the filter sets (you set it when you createthe filter). In fact, since the mask for the destination IP addressis 0.0.0.0, the address for Dest IP Addr could have beenanything. The mask for Source IP Addr must be255.255.255.255 since an exact match is desired.n Source IP Addr = 199.211.211.17n Source IP address mask = 255.255.255.255n Dest IP Addr = 0.0.0.0n Destination IP address mask = 0.0.0.0Note: To learn about IP addresses and masks, see Appendix B,“Understanding IP Addressing.”
