Filter

A filter is a way to control data flow through a SafeLinx Server.

Filtering criteria depends on packet type. You can create filters for four types of packets: TCP, UDP, ICMP, and other.

Filters are dependent resources of an MNI to control data access to and from all IP-attached SafeLinx Clients accessible from the SafeLinx Server through that MNI. For example, to eliminate line-charge expenses when the ping command is used to test network connections, you can create an ICMP filter. This filter prevents the ping packets from reaching a specific subnet of SafeLinx Clients.

For all types of filters, you can specify to:
  • Filter data from a single IP address or from a group (subnet) of IP addresses
  • Filter data to a single IP address or to a group (subnet) of IP addresses
  • Filter data only when the packet is going to a SafeLinx Client or coming from a SafeLinx Client
  • Block or pass data through negative or positive packets that match the defined filter
The following table describes more filtering criteria that you can specify according to the type of packet that the SafeLinx Server receives:
Packet type Filtering criteria
TCP

You can qualify the filter according to the port used by the originator or the receiver of the packet.

You can select a specific flag within the packet header to further qualify the filter.

Note: Flags should only be used by protocol experts who require this level of differentiation for a special purpose.
UDP You can qualify the filter according to the port used by the originator or the receiver of the packet.
ICMP You can qualify the filter according to a specific type of ICMP packet. For some specific ICMP packets, you can further qualify with code that applies to the packet.
Other packets You can qualify the filter according to a specific type of IP-protocol. Specify a search for a specific character string within the packet header.

Filters that work together can be put into groups. Default groups of filters are available under the Default Resources OU when you install the SafeLinx Administrator.

To add a filter, right-click the OU in which you want to add the filter, click Add Resource > Filter, and then select the filter type.