A p p l i c a t i o n N o t e s C-5Filtering InterfaceYou may apply IP Filtering to any interface that carries IP traffic. Rule setscan be defined for both inbound and outbound traffic through each interface.The block diagram below shows where IP Filtering is performed on the IAD.Figure C-1. IAD Block Diagram With IP Filtering ShownIP Filtering can be applied to either WAN or LAN ports; these are the onlytwo that can carry IP traffic. For connections to the Internet, the WAN port isthe best choice. All examples provided below assume the WAN port is theselected port. Although you may select the LAN port as well, it is notrecommended, as this would make your network vulnerable if supportprotocols such as Telnet or TFTP are targeted. Port selection is also importantbecause it establishes a point of view for defining filters. An input filter onthe WAN port will block or pass packets entering the WAN port. An inputfilter on the LAN port will block or pass packets entering the LAN port.IP Filtering on a WAN port for inbound traffic is performed after NAThas occurred. IP Filtering on a WAN port for outbound traffic isperformed prior to NAT.IP Filtering rule sets are defined using the ifname for each interface.The ifname for a particular interface can be viewed from CurrentConfiguration. In general, the ifname is an abbreviated interface namewith the port number. For example, the Ethernet interface ifname iseth0. ATM PVC interface names would be atm0, atm1, atm2, etc.
