IPX Packet Filtering

In addition to routing IPX traffic, an IPX router can allow or disallow the flow of very specific types of IPX traffic. This capability, called IPX packet filtering, provides a way to precisely define the type of IPX traffic allowed to cross the router.

You can create a series of definitions called filters that indicate to the router the type of traffic allowed or disallowed on each interface. You can set these filters for incoming and outgoing traffic. Input filters ** define the incoming traffic on a specific interface that is allowed to be routed or processed by the router. Output filters ** define the traffic that is allowed to be sent from that interface.

Figure 5.1 illustrates IPX packet filtering.

Figure 5.1 IPX Packet Filtering

Because both input and output filters can be defined for each interface, it is possible to create contradictory filters. For example, the input filter on one interface allows the inbound traffic, but the output filter on the other interface does not allow the outbound traffic. The result is that the desired traffic is not passed across the router.

The Windows 2000 Router has the capability to perform input and output filtering for each interface based on key fields in the IPX header. The next section explains the structure of an IPX header to help you gain an understanding of the types of IPX filtering that the Windows 2000 Router can perform.