Section 7.2.10. Ascend-Data-Filter, Ascend-Call-Filter

7.2.10. Ascend-Data-Filter, Ascend-Call-Filter

Radiator supports Ascend Binary Filters, which are given the type of ‘abinary’ in the dictionary. The standard dictionary contains the standard abinary attributes Ascend- Data-Filter and Ascend-Call-Filter.

Ascend Binary Filters are binary encoded strings. However Radiator allows you to create filters in a symbolic, textual form. See you NAS documentation about the meaning, construction and use of Ascend Binary Filters with your NAS.

Radiator supports three basic types of filter, each with slightly different syntax.

IP Filter
The general syntax of an IP filter is:
```
ip dir action [dstip n.n.n.n/nn] [srcip n.n.n.n/nn] [proto [dstport cmp port]
[srcport cmp port] [est]]
```
- dir is IN or OUT, case insensitive
- action is FORWARD or DROP. Case insensitive
- proto is a protocol name, such as ip, icmp, tcp, lower case
- cmp is a port comparison operator like <, =, > or !=
- port is a defined port name or integer port number, such as ftp-data, telnet, smtp, lower case
Examples:
```
Ascend-Data-Filter = "ip in forward icmp"
Ascend-Data-Filter = "ip in forward dstip 1.2.3.4/24 tcp"
Ascend-Data-Filter = "ip in forward dstip 195.174.219.30 tcp
dstport=20",
```
Generic filter
The general syntax of a generic filter is:
```
generic dir action offset mask value [cmp] [more]
```
- dir is IN or OUT, case insensitive
- action is FORWARD or DROP, case insensitive
- offset is an integer offset
- cmp is == or !=
Examples:
```
Ascend-Data-Filter = "generic in forward 0 0 0"
Ascend-Data-Filter = "generic in drop 0 ffff 0080 != more"
```

IPX Filter

The general syntax for an IPX filter is:

ipx dir action [srcipxnet nnnn srcipxnode mmmmm [srcipxsoc cmp value]]
[dstipxnet nnnn dstipxnode mmmmm [dstipxsoc cmp value]]

dir is IN or OUT, case insensitive
action is FORWARD or DROP, case insensitive
cmp is a comparison operator like <, =, > or !=

Examples:

Ascend-Call-Filter = "ipx in forward srcipxnet 1 srcipxnode
0x11223344aabb srcipxsoc > abcd dstipxnet 5678 dstipxnode 0xaabbccddee00
dstipxsoc > 1234"

CAUTION

Radiator is very strict in its interpretation of filters. You cannot change the order of filter elements, but you can omit the ones shown in square brackets [...]