Filter
A filter is a way to control data flow through a SafeLinx Server.
Filtering criteria depends on packet type. You can create filters for four types of packets: TCP, UDP, ICMP, and other.
Filters are dependent resources of an MNI to control data access to and from all IP-attached SafeLinx Clients accessible from the SafeLinx Server through that MNI. For example, to eliminate line-charge expenses when the ping command is used to test network connections, you can create an ICMP filter. This filter prevents the ping packets from reaching a specific subnet of SafeLinx Clients.
- Filter data from a single IP address or from a group (subnet) of IP addresses
- Filter data to a single IP address or to a group (subnet) of IP addresses
- Filter data only when the packet is going to a SafeLinx Client or coming from a SafeLinx Client
- Block or pass data through negative or positive packets that match the defined filter
Packet type | Filtering criteria |
---|---|
TCP |
You can qualify the filter according to the port used by the originator or the receiver of the packet. You can select a specific flag within the packet header to further qualify the filter. Note: Flags should only be used by protocol experts who require this level of differentiation for a
special purpose.
|
UDP | You can qualify the filter according to the port used by the originator or the receiver of the packet. |
ICMP | You can qualify the filter according to a specific type of ICMP packet. For some specific ICMP packets, you can further qualify with code that applies to the packet. |
Other packets | You can qualify the filter according to a specific type of IP-protocol. Specify a search for a specific character string within the packet header. |
Filters that work together can be put into groups. Default groups of filters are available under the Default Resources OU when you install the SafeLinx Administrator.
To add a filter, right-click the OU in which you want to add the filter, click
, and then select the filter type.