Create Security Filter Window

This window appears when you click Create on the Security tab of the Modify INS Filters window. Use it to create a security filter.

Begin by selecting the type of security filter you want to create from the Filter Type list.

Note: After you create a filter, the name of the list changes to Filter Type/Field Set, and it shows the field set for the filter you created. If you create two field sets (the maximum number allowed for security filters), the list name changes again to Field Set. You can continue to create filters within the the two field sets.

Your options in the remainder of the window depend on the filter type you choose: MAC, IP, TCP, or UDP.

When you finish with the window, click OK.

MAC Filters

Follow these steps:

  1. From the Source MAC Address list, select any if you want the filter to match any source MAC address. Otherwise, select specify, and enter the source address that you want the filter to match in the field below.
  2. From the Destination MAC Address list, select any if you want the filter to match any destination MAC address. Otherwise, select specify, and enter the destination address that you want the filter to match in the field below.
  3. From the Ethertype list, select the protocol that you want the filter to match, or select none. If you want a protocol that is not in the list, select other, and identify the protocol numerically in the Other field.

IP Filters

Follow these steps:

  1. From the Source Wildcard list, select the wildcard to be used with the IP address that you enter in the Source IP Address field.
    Notes:
  2. In the Source IP Address field, enter the source IP address that you want to use with the source wildcard.
  3. From the Destination Wildcard list, select the wildcard to be used with the IP address that you enter in the Destination IP Address field. The process described in the notes for Step 1 is also used to generate a set of destination IP addresses.
  4. In the Destination IP Address field, enter the destination IP address that you want to use with the destination wildcard.

The filter matches the packet header only if it matches both the source and destination IP address fields.

TCP Filters

Follow these steps:

  1. From the Source Wildcard list, select the wildcard to be used with the IP address that you enter in the Source IP Address field.
    Notes:
  2. In the Source IP Address field, enter the source IP address that you want to use with the source wildcard.
  3. From the Destination Wildcard list, select the wildcard to be used with the IP address that you enter in the Destination IP Address field. The process described in the notes for Step 1 is also used to generate a set of destination IP addresses.
  4. In the Destination IP Address field, enter the destination IP address that you want to use with the destination wildcard.
  5. From the Source Port list, select a port to identify an application protocol, or select none. If you want a protocol that is not in the list, select other, and identify the protocol in the Other field below the list.
    Example: You administer an intranet server and you want to prevent outside users from accessing it. You could select a source port of http.
  6. From the Destination Port list, select a port to identify an application protocol, or select none. If you want a protocol that is not in the list, select other, and identify the protocol in the Other field below the list.
    Example: You administer a network and you want to prevent anyone from accessing the Web. You could select a destination port of http.

The filter matches the packet header only if it matches the settings for the source IP address, the destination IP address, the source port, and the destination port.

UDP Filters

Follow these steps:

  1. From the Source Wildcard list, select the wildcard to be used with the IP address that you enter in the Source IP Address field.
    Notes:
  2. In the Source IP Address field, enter the source IP address that you want to use with the source wildcard.
  3. From the Destination Wildcard list, select the wildcard to be used with the IP address that you enter in the Destination IP Address field. The process described in the notes for Step 1 is also used to generate a set of destination IP addresses.
  4. In the Destination IP Address field, enter the destination IP address that you want to use with the destination wildcard.
  5. From the Source Port list, select a port to identify an application protocol, or select none. If you want a protocol that is not in the list, select other, and identify the protocol in the Other field below the list.
    Example: You want to prevent a device from receiving SNMP packets. You could select a source port of snmp.
  6. From the Destination Port list, select a port to identify an application protocol, or select none. If you want a protocol that is not in the list, select other, and identify the protocol in the Other field below the list.
    Example: You want to prevent a device from sending SNMP packets to a specific destination. You could select a destination port of snmp.

The filter matches the packet header only if it matches the settings for the source IP address, the destination IP address, the source port, and the destination port.