Thanks for all of your replies. There are basically two ways to define the filters, in your Radius Reply, or statically on the APX/TNT/MAX. If you define them statically, you will have to activate them for each call. This can be done by passing the Filter-Id = attribute in your radius reply, or by using the "Answer-Defaults" facility of the NAS itself. Details are below. YMMV use at your own risk... BTW.. The ports are based on CERT advisory: http://www.cert.org/advisories/CA-2003-20.html -- Arnold Cavazos, Jr. abcjr at abcjr . net Here is the ruleset for a Radius Reply: Ascend-Data-Filter = ip in drop udp dstport = 69, Ascend-Data-Filter = ip in drop udp dstport = 135, Ascend-Data-Filter = ip in drop udp dstport = 139, Ascend-Data-Filter = ip in drop udp dstport = 445, Ascend-Data-Filter = ip in drop tcp dstport = 135, Ascend-Data-Filter = ip in drop tcp dstport = 139, Ascend-Data-Filter = ip in drop tcp dstport = 445, Ascend-Data-Filter = ip in drop tcp dstport = 4444, Ascend-Data-Filter = ip in forward, Ascend-Data-Filter = ip out drop udp dstport = 69, Ascend-Data-Filter = ip out drop udp dstport = 135, Ascend-Data-Filter = ip out drop udp dstport = 139, Ascend-Data-Filter = ip out drop udp dstport = 445, Ascend-Data-Filter = ip out drop tcp dstport = 135, Ascend-Data-Filter = ip out drop tcp dstport = 139, Ascend-Data-Filter = ip out drop tcp dstport = 445, Ascend-Data-Filter = ip out drop tcp dstport = 4444, Ascend-Data-Filter = ip out forward, Here is the ruleset for a 6096 config file: START=FILT=900=3 Name=blaster In filter 01...Valid=Yes In filter 01...Type=IP In filter 01...Ip...Protocol=17 In filter 01...Ip...Dst Port Cmp=Eql In filter 01...Ip...Dst Port #=69 In filter 02...Valid=Yes In filter 02...Type=IP In filter 02...Ip...Protocol=17 In filter 02...Ip...Dst Port Cmp=Eql In filter 02...Ip...Dst Port #=135 In filter 03...Valid=Yes In filter 03...Type=IP In filter 03...Ip...Protocol=17 In filter 03...Ip...Dst Port Cmp=Eql In filter 03...Ip...Dst Port #=139 In filter 04...Valid=Yes In filter 04...Type=IP In filter 04...Ip...Protocol=17 In filter 04...Ip...Dst Port Cmp=Eql In filter 04...Ip...Dst Port #=445 In filter 05...Valid=Yes In filter 05...Type=IP In filter 05...Ip...Protocol=6 In filter 05...Ip...Dst Port Cmp=Eql In filter 05...Ip...Dst Port #=135 In filter 06...Valid=Yes In filter 06...Type=IP In filter 06...Ip...Protocol=6 In filter 06...Ip...Dst Port Cmp=Eql In filter 06...Ip...Dst Port #=139 In filter 07...Valid=Yes In filter 07...Type=IP In filter 07...Ip...Protocol=6 In filter 07...Ip...Dst Port Cmp=Eql In filter 07...Ip...Dst Port #=445 In filter 08...Valid=Yes In filter 08...Type=IP In filter 08...Ip...Protocol=6 In filter 08...Ip...Dst Port Cmp=Eql In filter 08...Ip...Dst Port #=4444 In filter 09...Valid=Yes In filter 09...Type=IP In filter 09...Generic...Forward=Yes In filter 09...Ip...Forward=Yes In filter 09...Ipx...Forward=Yes Out filter 01...Valid=Yes Out filter 02...Type=IP Out filter 01...Ip...Protocol=17 Out filter 01...Ip...Dst Port Cmp=Eql Out filter 01...Ip...Dst Port #=69 Out filter 02...Valid=Yes Out filter 02...Type=IP Out filter 02...Ip...Protocol=17 Out filter 02...Ip...Dst Port Cmp=Eql Out filter 02...Ip...Dst Port #=135 Out filter 03...Valid=Yes Out filter 04...Type=IP Out filter 03...Ip...Protocol=17 Out filter 03...Ip...Dst Port Cmp=Eql Out filter 03...Ip...Dst Port #=139 Out filter 04...Valid=Yes Out filter 04...Type=IP Out filter 04...Ip...Protocol=17 Out filter 04...Ip...Dst Port Cmp=Eql Out filter 04...Ip...Dst Port #=445 Out filter 05...Valid=Yes Out filter 05...Type=IP Out filter 05...Ip...Protocol=6 Out filter 05...Ip...Dst Port Cmp=Eql Out filter 05...Ip...Dst Port #=135 Out filter 06...Valid=Yes Out filter 06...Type=IP Out filter 06...Ip...Protocol=6 Out filter 06...Ip...Dst Port Cmp=Eql Out filter 06...Ip...Dst Port #=139 Out filter 07...Valid=Yes Out filter 07...Type=IP Out filter 07...Ip...Protocol=6 Out filter 07...Ip...Dst Port Cmp=Eql Out filter 07...Ip...Dst Port #=445 Out filter 08...Valid=Yes Out filter 08...Type=IP Out filter 08...Ip...Protocol=6 Out filter 08...Ip...Dst Port Cmp=Eql Out filter 08...Ip...Dst Port #=4444 Out filter 09...Valid=Yes Out filter 09...Type=IP Out filter 09...Generic...Forward=Yes Out filter 09...Ip...Forward=Yes Out filter 09...Ipx...Forward=Yes END=FILT=900=3 To Apply the filter: Option #1 Use the MAX to apply the filter to all calls: Ethernet-> Answer-> Session Options -> Data Filter -> [blaster] Option #2 Use Radius Reply attributes to apply the filter: Filter-Id = "blaster" And the same for a TNT/APX: new FILTER set filter-name = blaster set input-filters 1 valid-entry = yes set input-filters 1 Type = ip-filter set input-filters 1 ip-filter protocol = 17 set input-filters 1 ip-filter Dst-Port-Cmp = eql set input-filters 1 ip-filter dest-port = 69 set input-filters 2 valid-entry = yes set input-filters 2 Type = ip-filter set input-filters 2 ip-filter protocol = 17 set input-filters 2 ip-filter Dst-Port-Cmp = eql set input-filters 2 ip-filter dest-port = 135 set input-filters 3 valid-entry = yes set input-filters 3 Type = ip-filter set input-filters 3 ip-filter protocol = 17 set input-filters 3 ip-filter Dst-Port-Cmp = eql set input-filters 3 ip-filter dest-port = 139 set input-filters 4 valid-entry = yes set input-filters 4 Type = ip-filter set input-filters 4 ip-filter protocol = 17 set input-filters 4 ip-filter Dst-Port-Cmp = eql set input-filters 4 ip-filter dest-port = 445 set input-filters 5 valid-entry = yes set input-filters 5 Type = ip-filter set input-filters 5 ip-filter protocol = 6 set input-filters 5 ip-filter Dst-Port-Cmp = eql set input-filters 5 ip-filter dest-port = 135 set input-filters 6 valid-entry = yes set input-filters 6 Type = ip-filter set input-filters 6 ip-filter protocol = 6 set input-filters 6 ip-filter Dst-Port-Cmp = eql set input-filters 6 ip-filter dest-port = 139 set input-filters 7 valid-entry = yes set input-filters 7 Type = ip-filter set input-filters 7 ip-filter protocol = 6 set input-filters 7 ip-filter Dst-Port-Cmp = eql set input-filters 7 ip-filter dest-port = 445 set input-filters 8 valid-entry = yes set input-filters 8 Type = ip-filter set input-filters 8 ip-filter protocol = 6 set input-filters 8 ip-filter Dst-Port-Cmp = eql set input-filters 8 ip-filter dest-port = 4444 set input-filters 9 valid-entry = yes set input-filters 9 forward = yes set input-filters 9 Type = ip-filter set output-filters 1 valid-entry = yes set output-filters 1 Type = ip-filter set output-filters 1 ip-filter protocol = 17 set output-filters 1 ip-filter Dst-Port-Cmp = eql set output-filters 1 ip-filter dest-port = 69 set output-filters 2 valid-entry = yes set output-filters 2 Type = ip-filter set output-filters 2 ip-filter protocol = 17 set output-filters 2 ip-filter Dst-Port-Cmp = eql set output-filters 2 ip-filter dest-port = 135 set output-filters 3 valid-entry = yes set output-filters 3 Type = ip-filter set output-filters 3 ip-filter protocol = 17 set output-filters 3 ip-filter Dst-Port-Cmp = eql set output-filters 3 ip-filter dest-port = 139 set output-filters 4 valid-entry = yes set output-filters 4 Type = ip-filter set output-filters 4 ip-filter protocol = 17 set output-filters 4 ip-filter Dst-Port-Cmp = eql set output-filters 4 ip-filter dest-port = 445 set output-filters 5 valid-entry = yes set output-filters 5 Type = ip-filter set output-filters 5 ip-filter protocol = 6 set output-filters 5 ip-filter Dst-Port-Cmp = eql set output-filters 5 ip-filter dest-port = 135 set output-filters 6 valid-entry = yes set output-filters 6 Type = ip-filter set output-filters 6 ip-filter protocol = 6 set output-filters 6 ip-filter Dst-Port-Cmp = eql set output-filters 6 ip-filter dest-port = 139 set output-filters 7 valid-entry = yes set output-filters 7 Type = ip-filter set output-filters 7 ip-filter protocol = 6 set output-filters 7 ip-filter Dst-Port-Cmp = eql set output-filters 7 ip-filter dest-port = 445 set output-filters 8 valid-entry = yes set output-filters 8 Type = ip-filter set output-filters 8 ip-filter protocol = 6 set output-filters 8 ip-filter Dst-Port-Cmp = eql set output-filters 8 ip-filter dest-port = 4444 set output-filters 9 valid-entry = yes set output-filters 9 forward = yes set output-filters 9 Type = ip-filter write -f To Apply: Option #1 Use the TNT to apply the filter to all calls: read answer-defaults set use-answer-for-all-defaults = yes set session-info data-filter = blaster set session-info filter-required = no write -f Option #2 Use Radius Reply attributes to apply the filter: Filter-Id = "blaster" ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request at bungi.com Archives: http://www.nexial.com/mailinglists/