On Thu, 25 Nov 1999, Steve Sherwick wrote:
Well I'm playing around again...
I am attempting to install a user filter to suppress the flow of CIFS (SMB) communications through the HiPer ARC. My intent is to control the filters behavior by way of RADIUS and the Framed-Filter-Id= reply item.
I understand the technology portion of it but getting the nuances is kinda slowing me down.
I understand I need to create a named filter (In this case I named it NOCIFS) which I have managed to do with HARM. This is the filter.
#filter IP: 1 REJECT udp-src-port = 137; 2 REJECT udp-src-port = 138; 3 REJECT udp-src-port = 139;
I'm making the assumption that unlike many routers you may selectively Reject without having to allow everything else again.
According to the minimal documentation I've found there has to be a NOCIFS.IN and a NOCIFS.OUT file in the ARC for this to work. HARM however does not allow you to create a named filter with an extension. Does it create an in and an out automagically?? Or how does one do this??? In other words, how does HARM differentiate an In from an Out???
Well filters have various levels of application. meaning you have a input and out put filter on the interface, you have a input and output filter for the user. Now in your case since you are going to create a filter that is going to filter the netbios traffic you can create the filter as a input filter and apply it on the interface. So anything from the user (into the hiper arc) will be filtered. for this you need to create just any filter no in or out necessary, just put the filer on all the modem group interfaces. in and out for the filters are necessary only if you are using user filters and sending the filter name from radius using the standard radius attribute framed-filter-id krish
I'm fairly sure I can fool around with the CLI and get this to fly but the HARM should be able to handle it.
Anyway, am I even close to getting this to run <grin>....
Regards,
Steve Sherwick
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.