Editing filter elements
To define an element of a packet filter using the Packet Filter Manager:
- For a LAN interface, select one of:
  - Allow: Allow packets which match the filter to pass through the interface.
  - Block: Stop packets which match the filter from passing through the interface.
  For a WAN (PPP) interface, select one of:
  - Match: Allow packets which match the filter to pass through the interface (passin or passout), to bring up the interface (bringup), or to keep the interface open (keepup).
  - Match except: Allow packets which do not match the filter to pass through the interface (passin or passout), to bring up the interface (bringup), or to keep the interface open (keepup).
  NOTE: For passin and passout filters, Match is equivalent to Allow, and Match except is equivalent to Block. The difference in terminology arises because the PPP bringup and keepup filters do not drop packets. bringup decides which packets can bring up a PPP interface. keepup decides which packets can reset the interface's idle timer.
- Select the services and ports to which you want the filter element to apply in one of the following ways:
  - Select Specific and choose a subset of the listed services and ports by highlighting them in the list. Packets for the chosen services and ports will have the filter element applied to them.
  - Select All to choose all services and ports. Packets for all services and ports, whether listed or unlisted, will have the filter element applied to them.
  - Select All except and choose a subset of the listed services and ports by highlighting them in the list. Packets for all services and ports except those chosen will have the filter element applied to them.
- To add a service or port to the list, click on Add. Enter the details of the service or port using the following format:
    port/protocol [name]
  port is the port number of the service, protocol is one of tcp or udp, and the optional name identifies the service. Click on OK to add your entry to the list of ports and services.
  To modify the definition of a service or port, select it, and then click on Modify. Edit the entry and then click on OK.
  To delete one or more services or ports from the list, select them, and then click on Delete.
  NOTE: You cannot modify or delete entries which have been obtained from the services(4tcp) file, or which are used by other filter elements.
- Select the direction of packets to which the filter element will be applied:
  - Select From to apply the filter element to packets which originate from certain specified hosts or networks.
  - Select To to apply the filter element to packets which are destined for certain specified hosts or networks.
  - Select both From and To to select packets which originate from, or which are destined for, certain specified hosts or networks.
  NOTE: If you want to specify different origin and destination addresses, you must define a separate filter element (From and To) for each.
- Specify the test to be applied to these addresses in one of the following ways:
  - Select Specific and choose a subset of the listed addresses by highlighting them in the list. Packets with the chosen addresses traveling in the specified directions will have the filter element applied to them.
  - Select All to choose all addresses. All packets, whether listed or unlisted, traveling in the specified directions will have the filter element applied to them.
  - Select All except and choose a subset of the listed addresses by highlighting them in the list. All packets traveling in the specified directions except those with the chosen addresses will have the filter element applied to them.
- If you selected Specific or All except in the previous step, click on Add to enter source or destination addresses which are not already listed. Select whether the address is for a host or network, enter an IP address or a resolvable name for a host or network, and then click on OK to add it to the list.
  NOTE: Network IP addresses must be specified without the trailing 0's in what would normally be the host portion of the address. For example, you would specify 200.20.34 rather than 200.20.34.0 (assuming that the network mask is 255.255.255.0).
  To modify an address, select it from the list, and then click on Modify. Edit the entry and then click on OK.
  To remove one or more addresses from the list, select them, and then click on Delete.
  NOTE: You cannot delete an address from the list if it is used by other filter elements.
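
An added example (not part of the original SCO documentation) that checks entries against the two input formats described above before they are typed into the Packet Filter Manager: port/protocol [name] for services, and the network address notation without host-portion zeros. The function names are hypothetical; rejecting port 0, names containing whitespace, and masks that do not end on an octet boundary are assumptions, because the page does not cover those cases.

```python
import ipaddress
import re

# Service entry format given in the documentation: port/protocol [name]
SERVICE_RE = re.compile(r"^(\d{1,5})/(tcp|udp)(?:\s+(\S+))?$")


def parse_service_entry(text):
    """Return (port, protocol, name-or-None) or raise ValueError."""
    m = SERVICE_RE.match(text.strip())
    if not m:
        raise ValueError(f"expected 'port/protocol [name]': {text!r}")
    port = int(m.group(1))
    if not 1 <= port <= 65535:  # assumption: port 0 is not a usable entry
        raise ValueError(f"port out of range: {port}")
    return port, m.group(2), m.group(3)


def network_entry(address, netmask):
    """Return the network address without the host-portion octets."""
    # strict=True raises ValueError when host bits are set, e.g. 200.20.34.5
    net = ipaddress.IPv4Network(f"{address}/{netmask}", strict=True)
    if net.prefixlen not in (8, 16, 24):
        # assumption: the page only shows an octet-aligned mask
        raise ValueError(f"mask {netmask} does not end on an octet boundary")
    return ".".join(str(net.network_address).split(".")[: net.prefixlen // 8])


def check_services(entries):
    """Split entries into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for entry in entries:
        try:
            accepted.append(parse_service_entry(entry))
        except ValueError as exc:
            rejected.append((entry, str(exc)))
    return accepted, rejected


# Constructed sample input, not taken from a real configuration.
SAMPLE = ["8080/tcp webproxy", "514/udp", "80/icmp ping", "70000/tcp big"]

if __name__ == "__main__":
    ok, bad = check_services(SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
    print(network_entry("200.20.34.0", "255.255.255.0"))
```
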
When you have completed the definition of a filter element, click on Next to edit any additional filter elements.
If you want to edit a previously defined filter element after completing the definition of this filter element, click on Back.
To remove an element from a filter definition, click on Delete.
To stop editing filter elements and save the complete filter, click on Finish.
The filter will not become active until you apply it to an interface by selecting Filter -> Load.
© 1999 The Santa Cruz Operation, Inc. All rights reserved.
UnixWare 7 Release 7.1.1 - 5 November 1999