5.2. FILTER

The filter tag has a series of attributes which define the characteristics a packet must have to be considered valid. If the packet does not satisfy the parameters of a filter, control passes to the next filter, and so on. If no filter matches, the packet is rejected.

Attributes:

Note

If you set sport or dport to "PORT", the port is substituted at script generation time with the value of the port attribute of the rule tag in the firewall rule that uses the service. This way you can define services with parameters.

Syntax:

<filter direction="go/back" p="tcp/udp/icmp" sport="nPortaSrc" dport="nPortaDst"
  icmptype="tipoMsgIcmp" jump="ACCEPT/DROP/BACK/ICMP-ACC"/>

Example 5-1. Definition of 3 services

<services>
  <service name="http" description="Servizio www o http">
    <filter direction="go" p="tcp" dport="www"/>
    <filter direction="back" p="tcp" sport="www"/>
  </service>

  <service name="tcp" description="Servizio TCP generico">
    <filter direction="go" p="tcp" dport="PORT"/>
    <filter direction="back" p="tcp" sport="PORT"/>
  </service>

  <service name="ping" description="icmp message echo-request and echo-reply">
    <filter direction="go" p="icmp" icmptype="echo-request"/>
    <filter direction="back" p="icmp" icmptype="echo-reply"/>
  </service>
</services>
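To make the filter-chain semantics concrete, here is an added Python example (not part of this documentation or the generator's own code) that loads the service definitions of Example 5-1 and evaluates a packet, represented as a dict, against a service's filters in document order, substituting the rule's port for "PORT" as the note above describes. The packet dict layout, load_services and match_service are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Service definitions copied from Example 5-1 (icmptype written as in the syntax line).
SERVICES_XML = """<services>
  <service name="http" description="Servizio www o http">
    <filter direction="go" p="tcp" dport="www"/>
    <filter direction="back" p="tcp" sport="www"/>
  </service>
  <service name="tcp" description="Servizio TCP generico">
    <filter direction="go" p="tcp" dport="PORT"/>
    <filter direction="back" p="tcp" sport="PORT"/>
  </service>
  <service name="ping" description="icmp message echo-request and echo-reply">
    <filter direction="go" p="icmp" icmptype="echo-request"/>
    <filter direction="back" p="icmp" icmptype="echo-reply"/>
  </service>
</services>"""

# Attributes a <filter> can constrain; "jump" is the action, not a match criterion.
MATCH_ATTRS = ("direction", "p", "sport", "dport", "icmptype")


def load_services(xml_text):
    """Return {service name: [filter attribute dicts, in document order]}."""
    root = ET.fromstring(xml_text)
    return {s.get("name"): [dict(f.attrib) for f in s.findall("filter")]
            for s in root.findall("service")}


def match_service(filters, packet, rule_port=None):
    """Walk the filters in order and return the first one the packet satisfies
    on every attribute it sets, or None when no filter matches (rejected).
    A "PORT" value in sport/dport is replaced by rule_port, the port attribute
    of the rule tag that uses the service (the packet dict is a hypothetical input)."""
    for flt in filters:
        for attr in MATCH_ATTRS:
            if attr not in flt:
                continue                      # attribute not constrained by this filter
            want = flt[attr]
            if attr in ("sport", "dport") and want == "PORT":
                if rule_port is None:         # placeholder used but the rule gave no port
                    raise ValueError(f"{attr}='PORT' requires a port on the rule tag")
                want = rule_port
            if str(packet.get(attr)) != str(want):
                break                         # this filter fails; try the next one
        else:
            return flt                        # all constrained attributes matched
    return None
```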