Defining IP filter interfaces

You can define filter interfaces to establish the filter rules that you want the system to apply to each interface.

Before you can define your filter interfaces, you need to create the filters that you intend the system to apply to various interfaces. If you choose to define your addresses (when you define your interfaces), you will refer to them by name. If you choose not to define your addresses (when you define your interfaces), you will refer to them by IP addresses.

When you create your filters, you can include multiple filters in one set. You then add the set to a FILTER_INTERFACE statement. The set name used in the statement needs to be a set name that you defined in a filter statement. For example, if you have a set name, ALL, and all of your filters are in that set, you must include the set name, ALL, in the filter interface statement for the filters to work properly. Not only can you have multiple filters in a set, but you can also have multiple sets in a FILTER_INTERFACE statement.

Before you define your interfaces, you should include any additional files you want to use. Then you can define your interfaces. Remember that the filter sets are applied in the order that they are specified in the filter interface statement. So the filter rules should appear in the FILTER_INTERFACE statement in the same order in which the sets are physically defined in the file.

For instructions on how to define a filter interface, use the Packet Rules Editor online help.

Parent topic: Configuring packet rules
Previous topic: Creating IP filter rules
Next topic: Including files in packet rules