IP packet header

 

You can create filter rules that refer to various portions of the IP, TCP, UDP, and ICMP headers.

The following list includes the fields you refer to in a filter rule that make up the IP packet header:

For example, you can create and activate a rule that filters a packet based on the destination IP address, source IP address, and direction (inbound). In this case, the system matches all incoming packets (according to their origin and destination addresses) with corresponding rules. Then the system takes the action that you specified in the rule. The system discards any packets that are not permitted in your filter rules. This is called the default deny rule.

The system applies the default deny rule to packets only if the physical interface has at least one active rule. This rule can be customer-defined or generated by iSeries™ Navigator. Regardless of whether the filter rule permits inbound traffic or outbound traffic, the system implements the default deny rule in both directions. If no filter rule is active on the physical interface, the default deny rule is not in effect.
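A simplified Python model of the behavior described above, added here as an example and not IBM's implementation or rule syntax: the `Rule`, `Packet`, `evaluate` and `demo` names, first-match ordering, and the documentation-range addresses are assumptions made for illustration. It shows that a single active inbound permit rule also causes unmatched outbound packets on the same interface to be discarded.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str     # "PERMIT" or "DENY"
    direction: str  # "INBOUND" or "OUTBOUND"
    src: str        # source network, CIDR form
    dst: str        # destination network, CIDR form


@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str


def evaluate(active_rules, packet):
    """Return the action taken for one packet on one physical interface."""
    # No active rule on the interface: the default deny rule is not in effect.
    if not active_rules:
        return "PERMIT (no filtering)"
    for rule in active_rules:  # first match wins (assumption of this model)
        if (rule.direction == packet.direction
                and ip_address(packet.src) in ip_network(rule.src)
                and ip_address(packet.dst) in ip_network(rule.dst)):
            return rule.action
    # At least one rule is active, so anything unmatched is discarded,
    # in either direction, whatever direction the active rules name.
    return "DENY (default)"


def demo():
    # Constructed sample: one inbound permit rule and four test packets.
    rules = [Rule("PERMIT", "INBOUND", "198.51.100.0/24", "192.0.2.10/32")]
    allowed_in = Packet("INBOUND", "198.51.100.7", "192.0.2.10")
    other_in = Packet("INBOUND", "203.0.113.5", "192.0.2.10")
    reply_out = Packet("OUTBOUND", "192.0.2.10", "198.51.100.7")
    return {
        "allowed_in": evaluate(rules, allowed_in),
        "other_in": evaluate(rules, other_in),
        "reply_out": evaluate(rules, reply_out),   # dropped: no outbound permit
        "no_rules": evaluate([], other_in),        # interface without active rules
    }


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:12} {action}")
```

In this model the outbound reply is discarded until a matching outbound permit rule is added to the same interface.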

 
