yes, I want to treat them as martians. This is good information, thanks One more question. In the manual, it states that if profile Reqd=Yes in the Answer profile, Data Filter does not apply in hte Answer porfile. Does this mean that I need to filter the eithernet instead of the wan? (Don't want to. possible to lock myself out!) On Thu, 13 Jul 2000, Phillip Vandry wrote: > Date: Thu, 13 Jul 2000 16:54:57 -0400 (EDT) > From: Phillip Vandry <phil at 4p.com> > To: Michael Ghens <mghens at rain.org> > Cc: ascend-users at bungi.com > Subject: Re: (ASCEND) Filters > > > Not to clear on the filters > > > > 1) you create an ip filter. Protocal of 0 is for everything > > Protocol 0 is indeed for everything. > > > 2) assign it as a data filter in the ethernet-> answer section > > > > If my filter is 10-504, the the filter is 504. > > Actually it's 4. The filter numbers are always yyy mod 100 if the filter's > ID is xx-yyy. Secure access firewalls are (bbb mod 100) + 100 if the > firewall's ID is aa-bbb. > > > Any sugguestion appreciated. Need to block out rfc1918 packets. > > On input, I guess? (you want to treat them as martians) > > In filter 01... > Type=IP > Forward=No > IP..Source Mask=255.0.0.0 > IP..Source Addr=10.0.0.0 > In filter 02... > Type=IP > Forward=No > IP..Source Mask=255.240.0.0 > IP..Source Addr=172.16.0.0 > In filter 03... > Type=IP > Forward=No > IP..Source Mask=255.255.0.0 > IP..Source Addr=192.168.0.0 > In filter 04... > Type=Whatever > Forward=Yes > > -Phil > ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request at bungi.com To get FAQ'd: <http://www.nealis.net/ascend/faq>