Packet Filtering on the KVM/netPlus
IP filtering refers to the selective blocking of the passage of IP packets based on certain characteristics. The filtering is based on rules that describe the characteristics of the packet (that is, the contents of the IP header, the input/output interface, or the protocol). The KVM/netPlus can be configured to filter packets as a firewall does.
The IP Filtering form is structured in two levels:
Chain – The IP Filtering form which contains a list of chains
Rule – The chains which contain the rules that control filtering
This feature is used mainly in firewall applications to filter out packets that could compromise the network system or generate unnecessary traffic in the network.
The following table describes the different levels of IP filtering
The filter table contains a number of built-in chains and may include user-defined chains. The built-in chains are called according to the type of packet. User-defined chains are called when a rule which is matched by the packet points to the chain. Each table has a set of built-in chains classified as follows:
Some information about the packet is checked according to the rule, for example, the IP header, the input and output interfaces, the TCP flags and the protocol.
When a chain is analyzed, its rules are reviewed one by one, in order, until the packet matches a rule. If no rule matches, the default action for that chain is taken.
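The chain traversal described above, modeled as an added example (not KVM/netPlus code) that shows why rule order decides the verdict. The chain names `BUILTIN` and `mgmt`, the action names `ACCEPT` and `DROP`, and the return-to-caller behavior of an unmatched user-defined chain are assumptions; the sample addresses and rules are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TERMINAL = {"ACCEPT", "DROP"}  # assumed action names; the page does not list them

@dataclass
class Rule:
    target: str                  # terminal action, or name of a user-defined chain
    src: str = "0.0.0.0/0"       # source network (IP header)
    proto: str = "any"           # protocol
    dport: Optional[int] = None  # destination port, None = any
    in_if: Optional[str] = None  # input interface, None = any

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt.get("dport"))
                and self.in_if in (None, pkt.get("in_if")))

def walk(chains, name, pkt):
    """First terminal action reached in chain `name`, or None if no rule matches."""
    for rule in chains[name]:
        if not rule.matches(pkt):
            continue
        if rule.target in TERMINAL:
            return rule.target
        verdict = walk(chains, rule.target, pkt)  # matched rule points to a user chain
        if verdict is not None:
            return verdict
        # Assumption: an unmatched user chain hands control back to the caller.
    return None

def filter_packet(chains, policy, pkt, builtin="BUILTIN"):
    """Verdict for pkt: first matching rule wins, else the chain's default action."""
    return walk(chains, builtin, pkt) or policy

# Constructed ruleset: "BUILTIN" and "mgmt" are placeholder chain names.
CHAINS = {
    "BUILTIN": [Rule("mgmt", src="10.0.0.0/8", proto="tcp", dport=22),
                Rule("ACCEPT", proto="icmp")],
    "mgmt":    [Rule("ACCEPT", src="10.1.2.0/24")],
}
# Same two rules in both orders: only the order differs.
BROAD_FIRST  = {"BUILTIN": [Rule("ACCEPT", proto="tcp", dport=443),
                            Rule("DROP", src="203.0.113.0/24")]}
NARROW_FIRST = {"BUILTIN": list(reversed(BROAD_FIRST["BUILTIN"]))}

if __name__ == "__main__":
    pkt = {"src": "203.0.113.9", "proto": "tcp", "dport": 443, "in_if": "eth0"}
    print(filter_packet(BROAD_FIRST, "DROP", pkt), filter_packet(NARROW_FIRST, "DROP", pkt))
```

With the broad accept rule first, the later drop rule for 203.0.113.0/24 is never reached for port 443 traffic, so when reviewing a chain, check that specific block rules precede the general allow rules they are meant to override.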