Format

filter   name
         local
                         type      type
                         local_info
         remote
                         type      type
                         remote_info
         url
                         type      urltype
                         url_info
        tos_match        tos_match
        tos_match_mask   tos_match_mask
        service          service

• name is the name of the filter. This value can contain up to 20 characters.

• type is the type of information identifying the local or remote network entity and is one of:

  • host

  • host_group

  • subnet

  • subnet_group

• local_info and remote_info are specific local and remote network entity information. The convention for what is local and what is remote is the same as for the service definitions. The format depends on the value of type:

  • If type is host, specify the keyword address and the IP address or name of the host.

  • If type is host_group, specify the keyword name and the name of a host group that is defined earlier in the configuration file.

  • If type is subnet, specify the keyword mask and the subnet mask (in decimal dot format only), and specify the keyword address and the IP address or name of the network.

  • If type is subnet_group, specify the keyword name and the name of a subnet group that is defined earlier in the configuration file.

• urltype is the type of information identifying the url setting and is one of:

  • url

  • url_group

• url_info is specific URL information. The format depends on the value of urltype:

  • If urltype is url, specify the keyword address and the URL in the format protocol://username:password@host:port/path.

  • If urltype is url_group, specify the keyword name and the name of a url group that is defined earlier in the configuration file.

• tos_match is the Type of Service value specified as a value between 0-255. This value can be specified as a hexadecimal, decimal, or octal value. Refer to "Type of Service Values" for further information. Prefix hexadecimal values with 0x and octal with 0.

• tos_match_mask is a bit mask that specifies which bits will match the Type of Service value in the IP header with the tos_match. Refer to "Type of Service Values" for further information.

• service is the name of the service or services. To specify any service, do not specify the service keyword.

Examples

filter   filter1
         local
                         type      host
                         address   apricot
         remote
                         type      host_group
                         name      grp_sales
         tos_match       0x03
         tos_match_mask  0x0F
         service         ftp,http
filter   filter2
         local
                         type      subnet_group
                         name      grp_nets
         remote
                         type      subnet
                         address   129.xxx.yyy.0
                         mask      255.255.255.0
         url
                         type      url_group
                         name      web_sun_group
         service         http