IP Condition

Checks if client or server IP addresses belong to a range or a subnet.

Description

This condition checks if client or server IP addresses belong to a range or a subnet.

Please note:
1. Unwanted traffic should be isolated as early as possible, because this affects the performance of Microolap EtherSensor and the runtime environment.
2. It is recommended to isolate all traffic from an IP address in the ethercap service IP filter.
3. It is recommended to isolate certain HTTP traffic from an IP address (if it is possible to specify such criteria) in the HTTP filter.
4. Certain messages from an IP address should be processed in the message filter.

Format

<c name="ip" address="<address type>" value="<ip-range>" />

The "name" attribute:

The name attribute specifies the name of the condition: name="ip".

The "address" attribute:

The address="..." attribute specifies the type of the address to check. Possible values:

"src" or "client"

Check the source address

"dst" or "server"

Check the destination address

"any" or "*"

Matches any address.

If the attribute is omitted, "*" is used by default.

The "value" attribute:

The value="..." attribute specifies the value for the comparison. Possible values:

ipaddress

Checks the IP address for equality. For example, value="192.168.0.10"

ip1-ip2

Checks if the IP address belongs to a certain range. For example, value="192.168.0.1-192.168.0.10"

ip/netmask

Checks if the IP address belongs to the specified subnet. For example, value="192.168.0.1/255.255.255.0"

ip/netmaskbits

Checks if the IP address belongs to the specified subnet. For example, value="192.168.0.1/24"
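To check what a rule will match before it is deployed, the four value forms and the address aliases described above can be modelled offline. This is an added example, not Microolap EtherSensor code: the function names are hypothetical, and it assumes IPv4 only, inclusive range ends, and that "any" matches when either endpoint is in range.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Aliases listed on the page for the address="..." attribute.
ADDRESS_ALIASES = {"src": "client", "client": "client",
                   "dst": "server", "server": "server",
                   "any": "any", "*": "any"}


def parse_value(value):
    """Turn a value="..." string into inclusive (low, high) integer bounds."""
    value = value.strip()
    if "/" in value:
        # ip/netmask and ip/netmaskbits. strict=False because the documented
        # examples (192.168.0.1/24) carry host bits, which strict mode rejects.
        net = ipaddress.IPv4Network(value, strict=False)
        return int(net.network_address), int(net.broadcast_address)
    if "-" in value:
        # ip1-ip2. Assumption: both ends belong to the range.
        low, high = (int(ipaddress.IPv4Address(p.strip()))
                     for p in value.split("-", 1))
        if low > high:
            raise ValueError(f"range start is above range end: {value!r}")
        return low, high
    single = int(ipaddress.IPv4Address(value))  # plain ipaddress: equality
    return single, single


def condition_matches(condition_xml, client_ip, server_ip):
    """Evaluate one <c name="ip" .../> element against a connection."""
    elem = ET.fromstring(condition_xml)
    if elem.tag != "c" or elem.get("name") != "ip":
        raise ValueError("not an ip condition")
    # A missing address attribute defaults to "*", as the page states.
    side = ADDRESS_ALIASES[elem.get("address", "*")]
    low, high = parse_value(elem.get("value"))
    # Assumption: "any" is satisfied when either endpoint is in range.
    checked = {"client": [client_ip], "server": [server_ip],
               "any": [client_ip, server_ip]}[side]
    return any(low <= int(ipaddress.IPv4Address(ip)) <= high for ip in checked)


if __name__ == "__main__":
    # Constructed connections checked against the page's drop rule.
    rule = '<c name="ip" address="client" value="192.168.0.15" />'
    for client in ("192.168.0.15", "192.168.0.16"):
        print(client, condition_matches(rule, client, "10.0.0.1"))
```

Both subnet notations resolve to the same bounds here, so a rule written either way can be compared against the address list it is meant to cover.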

Example:

Drop messages from 192.168.0.15.

<?xml version="1.0" encoding="utf-8"?>
<filter name="Message filter" version="1.0">
 <comment>Message filter.</comment>
 
 <table name="main">
 
     <rule enabled="1">
       <match>
         <c name="ip" address="client" value="192.168.0.15" />
       </match>
       <action name="drop" />
     </rule>
 
     <rule enabled="1">
       <action name="accept" />
     </rule>
 
 </table>
</filter>