What Is IP Filtering?

IP filtering is simply a mechanism that decides which types of IP packets will be processed normally and which will be dropped or rejected. By dropped we mean that the packet is deleted and completely ignored, as if it had never been received. By rejected we mean that the firewall sends an ICMP response to the sender indicating a reason why the packet was rejected. You can apply many different sorts of criteria to determine which packets you wish to filter. Some examples of these are:
  • Protocol type: TCP, UDP, ICMP, etc.
  • Port number (for TCP/UDP)
  • Packet type: SYN/ACK, data, ICMP Echo Request, etc.
  • Packet source address: where it came from
  • Packet destination address: where it is going to
It is important to understand at this point that IP filtering is a network layer facility. This means that it doesn't understand anything about the application using the network connections, only about the connections themselves. For example, you may deny users access to your internal network on the default Telnet port, but if you rely on IP filtering alone, you can't stop them from using the Telnet program with a port that you do allow to pass through your firewall. You can prevent this sort of problem by using proxy servers for each service that you allow across your firewall. The proxy servers understand the application that they were designed to proxy and can therefore prevent abuses, such as using the Telnet program to get past a firewall by using the World Wide Web port. If your firewall supports a World Wide Web proxy, outbound Telnet connections on the HTTP port will always be answered by the proxy and will allow only HTTP requests to pass. 

The IP filtering rule set is made up of many combinations of the criteria listed previously. For example, let's imagine that you wanted to allow World Wide Web users within the Virtual Brewery network to have no access to the Internet except to use other sites' web servers. You would configure your firewall to allow forwarding of the following:
  • Packets with a source address on Virtual Brewery network, a destination address of anywhere, and with a destination port of 80 (WWW)
  • Packets with a destination address of Virtual Brewery network and a source port of 80 (WWW) from a source address of anywhere
Note that we've used two rules here. We have to allow our data to go out, but also the corresponding reply data to come back in. In practice, as we'll see in the chapter on IP masquerade and Network Address Translation
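As an added example (not part of the original text), here is a small stateless packet-filter evaluator in Python that encodes the two Virtual Brewery forwarding rules above with a default policy of drop. The brewery network 172.16.1.0/24, the packet fields, and the `Packet`, `Rule` and `filter_packet` names are assumptions made for this illustration.

```python
# Added example (not from the original text): a minimal stateless IP filter
# that evaluates the two "Virtual Brewery" WWW rules from the text.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")
BREWERY = ip_network("172.16.1.0/24")   # assumed placeholder for the brewery LAN


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp", "udp" or "icmp"
    src: str          # source address
    dst: str          # destination address
    sport: int = 0    # source port (TCP/UDP only)
    dport: int = 0    # destination port (TCP/UDP only)


@dataclass(frozen=True)
class Rule:
    action: str       # "ACCEPT", "DROP" (silent) or "REJECT" (ICMP error to sender)
    proto: str = "any"
    src: object = ANY
    dst: object = ANY
    sport: Optional[int] = None   # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "any" or self.proto == p.proto)
                and ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and (self.sport is None or self.sport == p.sport)
                and (self.dport is None or self.dport == p.dport))


# The two forwarding rules from the text: outbound to port 80 and replies from port 80.
WWW_RULES = [
    Rule("ACCEPT", "tcp", src=BREWERY, dst=ANY, dport=80),
    Rule("ACCEPT", "tcp", src=ANY, dst=BREWERY, sport=80),
]


def filter_packet(p: Packet, rules=WWW_RULES, policy: str = "DROP") -> str:
    """First matching rule decides; anything unmatched gets the default policy."""
    for r in rules:
        if r.matches(p):
            return r.action
    return policy   # a network-layer filter sees only addresses, protocol and ports


if __name__ == "__main__":
    print(filter_packet(Packet("tcp", "172.16.1.5", "203.0.113.10", 40000, 80)))  # ACCEPT
    print(filter_packet(Packet("tcp", "172.16.1.5", "203.0.113.10", 40000, 23)))  # DROP
```

Because the filter matches only on addresses, protocol and ports, a Telnet client aimed at port 80 is indistinguishable from a browser, which is exactly the limitation the text attributes to network-layer filtering.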
