IP packet header

You can create filter rules to refer to various portions of IP, TCP, UDP, and ICMP headers.

A filter rule can refer to the following fields, which come from the packet headers together with the direction of the datagram:

  • Source IP address
  • Protocol (for example, TCP, UDP)
  • Destination IP address
  • Source port
  • Destination port
  • IP datagram direction (inbound, outbound, or both)
  • TCP SYN bit

For example, you can create and activate a rule that filters a packet based on the destination IP address, source IP address, and direction (inbound). In this case, the system matches all incoming packets (according to their origin and destination addresses) with corresponding rules. Then the system takes the action that you specified in the rule. The system discards any packets that are not permitted in your filter rules. This is called the default deny rule.

Note: The system applies the default deny rule to packets only if the physical interface has at least one active rule. This rule can be customer-defined or generated by IBM® Navigator for i. Regardless of whether the filter rule permits inbound traffic or outbound traffic, the system implements the default deny rule in both directions. If no filter rule is active on the physical interface, the default deny rule is not in effect.
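The following Python model is an added example, not IBM code or rule syntax; it shows how the default deny rule described above behaves once a single inbound permit rule is active. The names `Packet`, `Rule` and `filter_packet` are hypothetical, first-match rule ordering is an assumption, and the addresses are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str                    # "TCP", "UDP" or "ICMP"
    direction: str                   # "INBOUND" or "OUTBOUND"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    syn: bool = False                # TCP SYN bit

@dataclass(frozen=True)
class Rule:
    action: str                      # "PERMIT" or "DENY"
    direction: str                   # "INBOUND", "OUTBOUND" or "BOTH"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    protocol: Optional[str] = None   # None matches any value
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    syn: Optional[bool] = None
    active: bool = True

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("BOTH", p.direction)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.protocol in (None, p.protocol)
                and self.src_port in (None, p.src_port)
                and self.dst_port in (None, p.dst_port)
                and self.syn in (None, p.syn))

def filter_packet(rules: list, p: Packet) -> str:
    active = [r for r in rules if r.active]
    if not active:
        return "PERMIT"   # no active rule on the interface: default deny not in effect
    for r in active:      # assumption: the first matching rule decides
        if r.matches(p):
            return r.action
    return "DENY"         # default deny, applied in both directions

# Constructed sample: one inbound-only permit rule for a server at 192.0.2.10.
RULES = [Rule("PERMIT", "INBOUND", dst="192.0.2.10/32", protocol="TCP", dst_port=443)]
REQUEST = Packet("198.51.100.7", "192.0.2.10", "TCP", "INBOUND", 50000, 443, syn=True)
REPLY = Packet("192.0.2.10", "198.51.100.7", "TCP", "OUTBOUND", 443, 50000)
```

With only the inbound rule active, `filter_packet(RULES, REPLY)` returns `"DENY"`, so the server's replies are discarded until a matching outbound permit rule is added.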