How to Run FILTCFG

Before you begin, make sure that the Filter Support option is enabled in the Novell^® Internet Access Server Configuration utility (NIASCFG) for each protocol that needs filtering.

NOTE:  When Filter Support is disabled, the protocol operates as if the filter module is not loaded, and no filtering occurs. However, the changes you make will have no effect until you enable Filter Support. When Filter Support is enabled, any changes you make to the filter configurations take effect immediately. It is not necessary to use the REINITIALIZE SYSTEM command.

To set up and modify filters, complete the following steps:

1. Load FILTCFG.

   The Filter Configuration Available Options menu is displayed.

2. Select the protocol for which you want to configure filters.

   The main filter menu for the protocol you selected is displayed.

3. Optionally, for IPX and IP filtering, select Global Logging and select Enabled to log packets that match the Filters or Exceptions definitions.

   The header of packets that match the Filters or Exceptions definitions are logged as long as the global logging status and the filters or exceptions logging status are both enabled. The logs are viewed using the NetWare Administrator utility.

4. Select the type of filter you want.

   The corresponding option menu is displayed.

5. For each option you select, you can configure the following general parameters:

   • Status ---Specifies the status of the selected filters. Any configured filters immediately become active (enabled) or inactive (disabled), depending on your choice.
   • Action ---Permits or denies the packet, route, or service listed in the filter list.

     When the action is permitted, the specified filters are accepted; any filters that are not explicitly permitted are denied. One of the following occurs:

     Packets matching the entries in the Packet Forwarding List are allowed through.

     Services or routes matching the entries in the Outgoing Service/Routing Information Filter Lists are advertised.

     Services or routes matching the entries in the Incoming Service/Routing Information Filter Lists are accepted.

     If the action is denied, the specified filters are denied (the packets are discarded); any filters that are not explicitly denied are permitted.

   • Filters ---Displays a list of filters that are accepted (permitted) or filtered (denied) on an interface.

     You can select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter.

     Refer to the corresponding section later in this section for the steps you use to define a filter if you are modifying or adding a filter.

   • Exceptions ---Displays a list of exceptions to the Filters list, to which the Action parameter setting---permit or deny---does not apply.

     The Exceptions list is examined before the Filters list. If there is a conflict between the two lists, the Exceptions list is used. The action taken on the Exceptions list is always the opposite of the action taken on the Filters list.

     You select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter. For example, you could use a filter to hide all Marketing file servers from Engineering, except the server named MKTG-DEMO.

6. Press Esc to exit.

   NOTE:  All filters affecting a primary call are automatically mapped to a configured backup call. Optionally, the automatic mapping of filtering can be disabled with the LOAD FILTSRV NOBACKUP command. With automatic mapping of filtering disabled, you can configure a selective filtering scheme that is specific to the needs of a backup link. The primary call and its associated backup call should use the same remote system ID. For information on configuring backup calls, refer to "Configuring Backup Calls."