Ref: 13390013
Title: Explanation of Filters in IBs and Brouters
Date: 8/31/90

Copyright 3Com Corporation, 1991.  All rights reserved.

Internetwork bridges (IBs) and brouters can increase network security using
custom filters and Source Explicit Forwarding (SEF) to protect critical LAN
segments from unauthorized traffic.

The network manager can create custom filters to prevent packets that
meet certain criteria from being forwarded across the bridge or brouter.
Custom filters may be based on destination address or on arbitrary masks
for any byte, word (two bytes), or double word (four bytes) in a packet.

IBs and brouters can also monitor cross-network traffic on a bit-by-bit
level, allowing the network administrator to create filters at the level of
the packet address and protocol type fields, as well as protocol-dependent
fields.

Several criteria may be screened for in one filter.  For each criterion, a
filter may contain one of four conditions (EQUAL to, NOT EQUAL to, GREATER
than, and LESS than) and one of three logical operators (NOT, AND, and OR).

Screening may be done in "standard" or "inverse" mode.  Standard filters
screen out (reject) all packets that meet the filter criteria.  Inverse
filters forward packets that meet the filter criteria while screening out
all others.
