
12 Filters


  This chapter describes how to use the command line interface to create, edit, and delete filters. The configuration settings are stored in the filter table. Detailed command definitions follow a command summary table.
  System administrators can use the command line interface to create packet filters that control access to specific hosts, networks, and network services.
  Once a filter is defined, it can be used with the ptrace command, or attached to an Ethernet interface, network hardwired port, user, or location. If used for route propagation, the filter is assigned to a specified protocol. Filters for network hardwired ports and Ethernet interfaces are set on the port or interface. Filters for dial-in users are set in the user table, or can be referenced by RADIUS. Filters for dial-out locations are set in the location table.
  For more information about designing packet filters, refer to the PortMaster 4 Configuration Guide.
 

       Displaying Filter Information

  To display information about your filters, use the filter-specific show commands described in this chapter: show filter, show ipxfilter, show sapfilter, and show table filter.
 

       Summary of Filter Commands

  The commands in Table 12-1 configure filters. Filters can be applied to Ethernet interfaces, users, locations, network hardwired ports, or protocols, and can be used for debugging with the ptrace command.

  Note: Enter the commands on one line, without any breaks. Line breaks shown here are due to the limited space available.

  Table 12-1 Filter Configuration Commands

 
  Command Syntax  (section in which the command is described)

  add filter Filtername  (see "add filter")
  delete filter Filtername  (see "delete filter")
  save filter  (see "save filter")
  set filter Filtername blank  (see "set filter blank")
  set filter Filtername RuleNumber permit|deny [Ipaddress/NM Ipaddress(dest)/NM] [esp|ah|ipip|ospf] [log] [notify]  (see "set filter (IP)")
  set filter Filtername RuleNumber permit|deny [Ipaddress/NM Ipaddress(dest)/NM] [protocol Number] [log] [notify]  (see "set filter (IP)")
  set filter Filtername RuleNumber permit|deny =ListName Ipaddress(dest)/NM [esp|ah|ipip|ospf] [log] [notify]  (see "set filter (IP)")
  set filter Filtername RuleNumber permit|deny =ListName Ipaddress(dest)/NM [protocol Number] [log] [notify]  (see "set filter (IP)")
  set filter Filtername RuleNumber permit|deny Ipaddress/NM =ListName [esp|ah|ipip|ospf] [log] [notify]  (see "set filter (IP)")
  set filter Filtername RuleNumber permit|deny Ipaddress/NM =ListName [protocol Number] [log] [notify]  (see "set filter (IP)")
  set filter Filtername RuleNumber permit|deny [Ipaddress/NM Ipaddress(dest)/NM] tcp [src eq|lt|gt Tport] [dst eq|lt|gt Tport] [established] [log] [notify]  (see "set filter (TCP)")
  set filter Filtername RuleNumber permit|deny =ListName Ipaddress(dest)/NM tcp [src eq|lt|gt Tport] [dst eq|lt|gt Tport] [established] [log] [notify]  (see "set filter (TCP)")
  set filter Filtername RuleNumber permit|deny Ipaddress/NM =ListName tcp [src eq|lt|gt Tport] [dst eq|lt|gt Tport] [established] [log] [notify]  (see "set filter (TCP)")
  set filter Filtername RuleNumber permit|deny [Ipaddress/NM Ipaddress(dest)/NM] udp [src eq|lt|gt Uport] [dst eq|lt|gt Uport] [log] [notify]  (see "set filter (UDP)")
  set filter Filtername RuleNumber permit|deny =ListName Ipaddress(dest)/NM udp [src eq|lt|gt Uport] [dst eq|lt|gt Uport] [log] [notify]  (see "set filter (UDP)")
  set filter Filtername RuleNumber permit|deny Ipaddress/NM =ListName udp [src eq|lt|gt Uport] [dst eq|lt|gt Uport] [log] [notify]  (see "set filter (UDP)")
  set filter Filtername RuleNumber permit|deny [Ipaddress/NM Ipaddress(dest)/NM] icmp [type Itype] [log] [notify]  (see "set filter (ICMP)")
  set filter Filtername RuleNumber permit|deny =ListName Ipaddress(dest)/NM icmp [type Itype] [log] [notify]  (see "set filter (ICMP)")
  set filter Filtername RuleNumber permit|deny Ipaddress/NM =ListName icmp [type Itype] [log] [notify]  (see "set filter (ICMP)")
  set ipxfilter Filtername RuleNumber permit|deny [srcnet Ipxnetwork] [srchost Ipxnode] [srcsocket eq|gt|lt Ipxsock] [dstnet Ipxnetwork] [dsthost Ipxnode] [dstsocket eq|gt|lt Ipxsock]  (see "set ipxfilter")
  set sapfilter Filtername RuleNumber permit|deny [server String] [network Ipxnetwork] [host Ipxnode] [socket eq|gt|lt Ipxsock]  (see "set sapfilter")
  show filter|ipxfilter|sapfilter Filtername  (see "show filter")
  show table filter  (see "show table filter")

 

       Filter Commands

  The following commands create, delete, modify, and display filters.

  Note: If a filter rule is set with no arguments, the rule is removed. If a filter rule is set with arguments but without specifying permit or deny, permit is chosen by default.

 
 

       add filter

  This command creates a new filter name and adds it to the filter table.

  add filter Filtername

 
 Filtername  Name for a filter--up to 15 characters.

  If the filter is to be used by RADIUS, its name must end in .in if it is an input filter and .out if it is an output filter. Consider using the same convention to distinguish all input and output filters.
 

       delete filter

  This command deletes an existing filter from the filter table.

  delete filter Filtername

 
 Filtername  Name of a filter in the filter table.

  Use caution when removing filters from the filter table. Make sure that they are no longer needed for any packet filtering.
  ComOS provides no automatic response to this command, but you can use the show table filter command to confirm that the filter has been removed from the filter table.
 

       save filter

  This command writes any changes in the filter table to the nonvolatile RAM of the PortMaster.

  save filter

  The save all command can also be used.
 

       set filter blank

  This command empties the contents of a filter.

  set filter Filtername blank

 
 Filtername  Name of a filter in the filter table.
 blank  Removes all the rules from a filter.

 

       set filter (IP)

  These commands configure a filter that controls passage of a packet through an interface.

  Note: Enter this command on one line, without any breaks. The line breaks shown here are due to the limited space available.

  set filter Filtername RuleNumber permit|deny
[Ipaddress/NM Ipaddress(dest)/NM] [esp|ah|ipip|ospf] [log] [notify]

  set filter Filtername RuleNumber permit|deny
[Ipaddress/NM Ipaddress(dest)/NM] [protocol Number] [log] [notify]

  set filter Filtername RuleNumber permit|deny
=ListName Ipaddress(dest)/NM [esp|ah|ipip|ospf] [log] [notify]

  set filter Filtername RuleNumber permit|deny
=ListName Ipaddress(dest)/NM [protocol Number] [log] [notify]

  set filter Filtername RuleNumber permit|deny
Ipaddress/NM =ListName [esp|ah|ipip|ospf] [log] [notify]

  set filter Filtername RuleNumber permit|deny
Ipaddress/NM =ListName [protocol Number] [log] [notify]

 
 Filtername  Name of an existing filter that is in the filter table.
 RuleNumber  Filter rule number--between 1 and 256.
 permit  Permits a packet that matches the rule to pass through the interface. This is the default.
 deny  Stops a packet that matches the rule from passing through the interface. The packet is dropped, and an ICMP "Host Unreachable" message is sent to the source address.
 Ipaddress  IP address, in dotted decimal notation, to compare with the source IP address of the packet. Hostnames are not recognized.
 /NM  Netmask that gives the number of high-order bits of the source or destination IP address of the packet that must match the address in the rule. Any value between 0 and 32 can be used; common mask values are:
   /0--Matches all packets with any address.
   /16--Compares the high-order 16 bits of the address.
   /24--Compares the high-order 24 bits of the address.
   /32--Compares the entire IP address.
 Ipaddress(dest)  IP address, in dotted decimal notation, to compare with the destination IP address of the packet. Hostnames are not recognized.
 esp  Matches packets using the Encapsulating Security Payload (ESP) protocol. See RFC 1827 for more information on this protocol.
 ah  Matches packets using the Authentication Header (AH) protocol. See RFC 1826 for more information on this protocol.
 ipip  Matches packets using IP Encapsulation within IP (IPIP). See RFC 2003 for more information on this protocol.
 ospf  Matches packets using the OSPF protocol.
 log  Packets matching the rule are logged by syslog to the loghost.
 notify  Packets matching the rule are logged by syslog to the source of the packet. If you have the ChoiceNet notifier installed, this keyword causes a notification pop-up to appear on your computer.
 protocol Number  Matches packets using the specified Internet protocol. Number is a protocol number as listed in RFC 1700, Assigned Numbers.
 =ListName  Specifies a list of sites in the /etc/choicenet/lists directory on the ChoiceNet server. The equal sign (=) must immediately precede the value.

  You construct filters by first creating the filter with the add filter command, and then adding rules that permit or deny packets matching the criteria in the rules. You can update an existing filter by setting additional rules with new rule numbers and new filter criteria, or you can edit the existing rules.
  You can delete a rule by specifying only the rule number--for example, set filter s0.in 4. You cannot use the command line interface to insert a rule between other rules, but you can do so with the FilterEditor application. These and other Java-based configuration tools are available via FTP at ftp://ftp.livingston./pub/livingston/software/java/.
  Zero-length filters are treated as permit filters: a filter that has no rules at all permits everything through. Once a filter has one or more rules, anything not explicitly permitted by a rule is denied at the end of the filter, so a filter written to block specific traffic must also contain permit rules for the traffic that is meant to pass.

  Note: Entering the command set filter Filtername without any arguments removes all filter rules from the filter.

 

       set filter (TCP)

  These commands set filtering rules for Transmission Control Protocol (TCP) packets.

  Note: Enter this command on one line, without any breaks. The line breaks shown here are due to the limited space available.

  set filter Filtername RuleNumber permit|deny
[Ipaddress/NM Ipaddress(dest)/NM] tcp [src eq|lt|gt Tport]
[dst eq|lt|gt Tport] [established] [log] [notify]

  set filter Filtername RuleNumber permit|deny
=ListName Ipaddress(dest)/NM tcp [src eq|lt|gt Tport]
[dst eq|lt|gt Tport] [established] [log] [notify]

  set filter Filtername RuleNumber permit|deny
Ipaddress/NM =ListName tcp [src eq|lt|gt Tport]
[dst eq|lt|gt Tport] [established] [log] [notify]

 
 Filtername  Name of an existing filter that is in the filter table.
 RuleNumber  Filter rule number--between 1 and 256.
 permit  Permits a packet that matches the rule to pass through the interface. This is the default.
 deny  Stops a packet that matches the rule from passing through the interface. The packet is dropped, and an ICMP "Host Unreachable" message is sent to the source address.
 Ipaddress  IP address, in dotted decimal notation, to compare with the source IP address of the packet. Hostnames are not recognized.
 /NM  Netmask that gives the number of high-order bits of the source or destination IP address of the packet that must match the address in the rule. Any value between 0 and 32 can be used; common mask values are:
   /0--Matches all packets with any address.
   /16--Compares the high-order 16 bits of the address.
   /24--Compares the high-order 24 bits of the address.
   /32--Compares the entire IP address.
 Ipaddress(dest)  IP address, in dotted decimal notation, to compare with the destination IP address of the packet. Hostnames are not recognized.
 src  Specifies that the packet source port number be tested; see the usage notes below for the test criteria.
 eq, lt, or gt  Mode of comparison of port numbers: equal to (eq), less than (lt), or greater than (gt).
 Tport  Number of the designated TCP port. See Table B-1 on page B-1 for a list of the port numbers 20 through 1701 commonly assigned to TCP and UDP services.
 dst  Specifies that the packet destination port number be tested; see the usage notes below for the test criteria.
 established  Accepts only packets that belong to an already established TCP connection, and denies packets that would open a new TCP connection.
 log  Packets matching the rule are logged by syslog to the loghost.
 notify  Packets matching the rule are logged by syslog to the source of the packet. If you have the ChoiceNet notifier installed, this keyword causes a notification pop-up to appear on your computer.
 =ListName  Specifies a list of source or destination sites in the /etc/choicenet/lists directory on the ChoiceNet server. The equal sign (=) must immediately precede the value.

  The filtering rules are based on source and destination port numbers, and on the established state of a connection.
  The order of rules in a filter is important because the PortMaster evaluates the rules in the order that they are numbered, and the first matching rule decides. Refer to the PortMaster 4 Configuration Guide for more information.
  The src and dst keywords allow you to test the source or destination port number in the packet to determine whether it does the following:
 
 [src|dst eq]  Equals the port number in the filter.
 [src|dst gt]  Is greater than the port number in the filter.
 [src|dst lt]  Is less than the port number in the filter.

  Note: Entering the command set filter Filtername without any arguments removes all filter rules from the filter.

  At any point, you can see the updates made to the filter by using the following command (shown with response):

  Command> show filter w1.in
 
1 deny 192.168.1.0/24 0.0.0.0/0 ip log
2 permit 0.0.0.0/0 0.0.0.0/0 tcp estab
3 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 80
4 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 25
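  The following Python script is an added example; it is not ComOS code or output from this manual. It parses rules in the format that show filter prints (the w1.in filter above is embedded as constructed sample input) and evaluates constructed packets against them, implementing the semantics this chapter describes for the IP, TCP, UDP, and ICMP forms of set filter: rules are checked in rule-number order, the first match decides, a filter with no rules permits everything, and a filter with at least one rule denies anything no rule permits. It also shows what established and the eq, lt, and gt port tests do. Only the ip, tcp, udp, and icmp keyword forms are modelled; esp, ah, ipip, ospf, protocol Number, and =ListName are not. The Packet class, its established flag (supplied by the caller instead of being read from TCP header bits), and all addresses and port numbers are assumptions made for this example.

```python
"""Simulation of ComOS filter evaluation (constructed example, not PortMaster code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: the w1.in filter exactly as `show filter w1.in` prints it.
SHOW_FILTER_W1_IN = """\
1 deny 192.168.1.0/24 0.0.0.0/0 ip log
2 permit 0.0.0.0/0 0.0.0.0/0 tcp estab
3 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 80
4 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 25
"""

PortTest = Tuple[str, int]  # ("eq" | "lt" | "gt", port number)


@dataclass
class Rule:
    number: int
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network       # Ipaddress/NM: only the high-order NM bits are compared
    dst: ipaddress.IPv4Network       # Ipaddress(dest)/NM
    proto: str                       # "ip" (any protocol), "tcp", "udp" or "icmp"
    src_test: Optional[PortTest] = None
    dst_test: Optional[PortTest] = None
    established: bool = False        # tcp only
    icmp_type: Optional[int] = None  # icmp only
    log: bool = False
    notify: bool = False


@dataclass
class Packet:
    """Assumed packet model. `established` is supplied by the caller and stands in
    for the TCP header inspection the real device performs."""
    src: str
    dst: str
    proto: str
    sport: int = 0
    dport: int = 0
    established: bool = False
    icmp_type: Optional[int] = None


class Verdict(NamedTuple):
    action: str          # "permit" or "deny"
    rule: Optional[int]  # matching rule number; None for the end-of-filter decision
    log: bool            # True when the matching rule carries the log keyword


def parse_rule(line: str) -> Rule:
    """Parse one `show filter` line, e.g. '3 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 80'."""
    tok = line.split()
    number, action = int(tok[0]), tok[1]
    if action not in ("permit", "deny"):
        raise ValueError(f"rule {number}: expected permit or deny, got {action!r}")
    rule = Rule(number, action, ipaddress.ip_network(tok[2], strict=False),
                ipaddress.ip_network(tok[3], strict=False), tok[4])
    i = 5
    while i < len(tok):
        if tok[i] in ("src", "dst"):
            op, port = tok[i + 1], int(tok[i + 2])
            if op not in ("eq", "lt", "gt"):
                raise ValueError(f"rule {number}: bad comparison {op!r}")
            setattr(rule, f"{tok[i]}_test", (op, port))
            i += 3
        elif tok[i] in ("estab", "established"):   # show filter abbreviates the keyword
            rule.established = True
            i += 1
        elif tok[i] == "type":
            rule.icmp_type = int(tok[i + 1])
            i += 2
        elif tok[i] in ("log", "notify"):
            setattr(rule, tok[i], True)
            i += 1
        else:
            raise ValueError(f"rule {number}: unsupported keyword {tok[i]!r}")
    return rule


def parse_filter(show_output: str) -> List[Rule]:
    """Rules are evaluated in rule-number order, whatever order they were entered."""
    rules = [parse_rule(ln) for ln in show_output.splitlines() if ln.strip()]
    return sorted(rules, key=lambda r: r.number)


def port_matches(test: Optional[PortTest], port: int) -> bool:
    if test is None:  # no src/dst test on the rule: any port matches
        return True
    op, value = test
    return {"eq": port == value, "lt": port < value, "gt": port > value}[op]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.proto == "ip":  # plain IP rule: matches any protocol
        return True
    if rule.proto != pkt.proto:
        return False
    if rule.proto in ("tcp", "udp"):
        if not (port_matches(rule.src_test, pkt.sport) and port_matches(rule.dst_test, pkt.dport)):
            return False
        # established: only packets belonging to an existing TCP connection match
        return not rule.established or pkt.established
    if rule.proto == "icmp":
        return rule.icmp_type is None or rule.icmp_type == pkt.icmp_type
    return False


def evaluate(rules: List[Rule], pkt: Packet) -> Verdict:
    """First matching rule decides. No rules: permit everything.
    One or more rules: deny whatever no rule explicitly permits."""
    if not rules:
        return Verdict("permit", None, False)
    for rule in rules:
        if rule_matches(rule, pkt):
            return Verdict(rule.action, rule.number, rule.log)
    return Verdict("deny", None, False)


if __name__ == "__main__":
    w1_in = parse_filter(SHOW_FILTER_W1_IN)
    for pkt in (Packet("192.168.1.5", "10.0.0.1", "tcp", 40000, 80, established=True),
                Packet("10.1.1.1", "10.0.0.1", "tcp", 40000, 80),
                Packet("10.1.1.1", "10.0.0.1", "tcp", 40000, 22, established=True),
                Packet("10.1.1.1", "10.0.0.1", "udp", 40000, 53)):
        print(pkt.src, pkt.proto, pkt.dport, evaluate(w1_in, pkt))
```

  Run against the constructed w1.in filter, a TCP packet from 192.168.1.5 is denied and logged by rule 1 even though a later rule would permit its destination port, a new connection to port 80 from elsewhere is permitted by rule 3, a packet to port 22 is permitted by rule 2 only when it belongs to an established connection, and a UDP packet to port 53 falls off the end of the filter and is denied, because the filter has rules but none permits it.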

 

       set filter (UDP)

  These commands set filtering rules for User Datagram Protocol (UDP) packets.

  Note: Enter this command on one line, without any breaks. The line breaks shown here are due to the limited space available.

  set filter Filtername RuleNumber permit|deny
[Ipaddress/NM Ipaddress(dest)/NM] udp [src eq|lt|gt Uport]
[dst eq|lt|gt Uport] [log] [notify]

  set filter Filtername RuleNumber permit|deny
=ListName Ipaddress(dest)/NM udp [src eq|lt|gt Uport]
[dst eq|lt|gt Uport] [log] [notify]

  set filter Filtername RuleNumber permit|deny
Ipaddress/NM =ListName udp [src eq|lt|gt Uport]
[dst eq|lt|gt Uport] [log] [notify]

 
 Filtername  Name of an existing filter that is in the filter table.
 RuleNumber  Filter rule number--between 1 and 256.
 permit  Permits a packet that matches the rule to pass through the interface. This is the default.
 deny  Stops a packet that matches the rule from passing through the interface. The packet is dropped, and an ICMP "Host Unreachable" message is sent to the source address.
 Ipaddress  IP address, in dotted decimal notation, to compare with the source IP address of the packet. Hostnames are not recognized.
 /NM  Netmask that gives the number of high-order bits of the source or destination IP address of the packet that must match the address in the rule. Any value between 0 and 32 can be used; common mask values are:
   /0--Matches all packets with any address.
   /16--Compares the high-order 16 bits of the address.
   /24--Compares the high-order 24 bits of the address.
   /32--Compares the entire IP address.
 Ipaddress(dest)  IP address, in dotted decimal notation, to compare with the destination IP address of the packet. Hostnames are not recognized.
 src  Specifies that the packet source port number be tested; see the usage notes below for the test criteria.
 eq, lt, or gt  Mode of comparison of port numbers: equal to (eq), less than (lt), or greater than (gt).
 Uport  Number of the designated UDP port. See Table B-1 on page B-1 for a list of the port numbers 20 through 1701 commonly assigned to TCP and UDP services.
 dst  Specifies that the packet destination UDP port number be tested; see the usage notes below for the test criteria.
 log  Packets matching the rule are logged by syslog to the loghost.
 notify  Packets matching the rule are logged by syslog to the source of the packet. If you have the ChoiceNet notifier installed, this keyword causes a notification pop-up to appear on your computer.
 =ListName  Specifies a list of source or destination sites in the /etc/choicenet/lists directory on the ChoiceNet server. The equal sign (=) must immediately precede the value.

  The filtering rules are very similar to those used for TCP packets, except that there is no established keyword for UDP, because UDP has no connection state to test. The order of rules in a filter is important because the PortMaster evaluates the rules in the order that they are numbered. Refer to the PortMaster 4 Configuration Guide for more information.
  The src and dst keywords allow you to test the source or destination port number in the packet to determine whether it does the following:
 
 [src|dst eq]  Equals the port number in the filter.
 [src|dst gt]  Is greater than the port number in the filter.
 [src|dst lt]  Is less than the port number in the filter.

  Note: Entering the command set filter Filtername without any arguments removes all filter rules from the filter.

 

       set filter (ICMP)

  These commands set filtering rules for Internet Control Message Protocol (ICMP) packets.

  Note: Enter this command on one line, without any breaks. The line breaks shown here are due to the limited space available.

  set filter Filtername RuleNumber permit|deny
[Ipaddress/NM Ipaddress(dest)/NM] icmp [type Itype] [log] [notify]

  set filter Filtername RuleNumber permit|deny
=ListName Ipaddress(dest)/NM icmp [type Itype] [log] [notify]

  set filter Filtername RuleNumber permit|deny
Ipaddress/NM =ListName icmp [type Itype] [log] [notify]

 
 Filtername  Name of an existing filter that is in the filter table.
 RuleNumber  Filter rule number--between 1 and 256.
 permit  Permits a packet that matches the rule to pass through the interface. This is the default.
 deny  Stops a packet that matches the rule from passing through the interface. The packet is dropped, and an ICMP "Host Unreachable" message is sent to the source address.
 Ipaddress  IP address, in dotted decimal notation, to compare with the source IP address of the packet. Hostnames are not recognized.
 /NM  Netmask that gives the number of high-order bits of the source or destination IP address of the packet that must match the address in the rule. Any value between 0 and 32 can be used; common mask values are:
   /0--Matches all packets with any address.
   /16--Compares the high-order 16 bits of the address.
   /24--Compares the high-order 24 bits of the address.
   /32--Compares the entire IP address.
 Ipaddress(dest)  IP address, in dotted decimal notation, to compare with the destination IP address of the packet. Hostnames are not recognized.
 Itype  ICMP message type to compare against the ICMP message type contained in the packet. ICMP message types are defined in RFC 1700, Assigned Numbers. Common ICMP types are the following:
   0--Echo Reply
   3--Destination Unreachable
   4--Source Quench
   5--Redirect
   8--Echo
   11--Time Exceeded
   12--Parameter Problem
   13--Timestamp
   14--Timestamp Reply
   15--Information Request
   16--Information Reply
 log  Packets matching the rule are logged by syslog to the loghost.
 notify  Packets matching the rule are logged by syslog to the source of the packet. If you have the ChoiceNet notifier installed, this keyword causes a notification pop-up to appear on your computer.
 =ListName  Specifies a list of source or destination sites in the /etc/choicenet/lists directory on the ChoiceNet server. The equal sign (=) must immediately precede the value.

  Note: Entering the command set filter Filtername without any arguments removes all filter rules from the filter.

 

       set ipxfilter

  This command sets filtering rules for IPX packets.

  Note: Enter this command on one line, without any breaks. The line breaks shown here are due to the limited space available.

  set ipxfilter Filtername RuleNumber permit|deny
[srcnet Ipxnetwork] [srchost Ipxnode] [srcsocket eq|gt|lt Ipxsock]
[dstnet Ipxnetwork] [dsthost Ipxnode] [dstsocket eq|gt|lt Ipxsock]

 
 Filtername  Name of an existing filter that is in the filter table.
 RuleNumber  Filter rule number--between 1 and 256.
 permit  Permits a packet that matches the rule to pass through the interface. This is the default.
 deny  Stops a packet that matches the rule from passing through the interface.
 srcnet  Specifies the comparison with the source IPX network number contained in the packet, a 32-bit hexadecimal value.
 Ipxnetwork  IPX network number, a 32-bit hexadecimal value.
 srchost  Specifies the comparison with the source IPX node address contained in the packet, a 48-bit hexadecimal value--usually the MAC address of the host.
 Ipxnode  IPX node address, a 48-bit hexadecimal value--usually the MAC address of the host.
 srcsocket  Specifies that the source IPX socket number contained in the packet must be compared with the IPX socket number specified in the filter. A second keyword--eq, lt, or gt--must be used to indicate the mode of comparison; the socket number is an integer from 0 to 65535.
 eq, lt, or gt  Mode of comparison of socket numbers: equal to (eq), less than (lt), or greater than (gt).
 Ipxsock  Socket number specified for the comparison, an integer from 1 to 65535.
 dstnet  Specifies the comparison with the destination IPX network number contained in the packet, a 32-bit hexadecimal value.
 dsthost  Specifies the comparison with the destination IPX node address contained in the packet, a 48-bit hexadecimal value--usually the MAC address of the host.
 dstsocket  Specifies that the destination IPX socket number contained in the packet must be compared with the IPX socket number specified in the filter. A second keyword--eq, lt, or gt--must be used to indicate the mode of comparison; the socket number is an integer from 0 to 65535.

  The filtering rules are based on the source or destination host, network, or socket.
  The eq, gt, and lt keywords allow you to test the source or destination socket number in the packet to determine whether it does the following:
 
 eq  Equals the socket number in the filter.
 gt  Is greater than the socket number in the filter.
 lt  Is less than the socket number in the filter.

  Note: Entering the command set filter Filtername without any arguments removes all filter rules from the filter.

 
 

       set sapfilter

  This command sets filtering rules for IPX Service Advertising Protocol (SAP) packets.

  Note: Enter this command on one line, without any breaks. The line breaks shown here are due to the limited space available.

  set sapfilter Filtername RuleNumber permit|deny [server String]
[network Ipxnetwork] [host Ipxnode] [socket eq|gt|lt Ipxsock]

 
 Filtername  Name of an existing filter that is in the filter table.
 RuleNumber  Filter rule number--between 1 and 256.
 permit  Permits a SAP packet that matches the rule to pass through the interface. This is the default.
 deny  Stops a SAP packet that matches the rule from passing through the interface.
 server  Specifies the comparison with the name of the server that is advertising its service.
 String  SAP server name.
 network  Specifies the comparison with the server's IPX network number.
 Ipxnetwork  IPX network number, a 32-bit hexadecimal value.
 host  Specifies the comparison with the server's IPX node address.
 Ipxnode  IPX node address, a 48-bit hexadecimal value--usually the MAC address of the host.
 socket  Specifies that the server's IPX socket number must be compared with the IPX socket number specified in the filter. A second keyword--eq, lt, or gt--must be used to indicate the mode of comparison.
 eq, lt, or gt  Mode of comparison of socket numbers: equal to (eq), less than (lt), or greater than (gt).
 Ipxsock  Socket number specified for the comparison, an integer from 1 to 65535.

  The filtering rules are based on the server, network, host, or socket. SAP packets can be filtered only on output, not on input; SAP filter rules used as inbound packet filters are ignored.
  The eq, gt, and lt keywords allow you to test the destination socket number in the packet to determine whether it does the following:
 
 eq  Equals the socket number in the filter.
 gt  Is greater than the socket number in the filter.
 lt  Is less than the socket number in the filter.

  Note: Entering the command set filter Filtername without any arguments removes all filter rules from the filter.

 

       show filter

  This command shows the configuration of a specified filter.

  show filter|ipxfilter|sapfilter Filtername

 
 filter  Displays IP and IPX rules.
 ipxfilter  Displays IPX rules only.
 sapfilter  Displays SAP rules.
 Filtername  Name of a filter that is in the filter table.
 

 

       show table filter

  This command shows a list of the filters in the filter table.

  show table filter

  See also: show filter.

Copyright © 1999, Lucent Technologies. All rights reserved.