Well the manual seemed pretty clear to me. What seems to be the problem? If you just follow your own description of what you are trying to do, you should be able to create the filter. #1 - You are trying to create a filter so go to the filter profile. Main Edit Menu > Ethernet > Filters > [unused filter] Add a name for the filter [Name=HTTP block] > I need to block all port 80 (web) OUTGOING (hmm why not incoming) traffic > from a range of IP addresses... for example 203.xx.xx.21-79 which is the > ip range of our 60 dialups. #2 - You say you want an "OUTGOING" filter so select "Output filters..." Select the first unused filter [say "Out filter 01"] Enable it by making it a valid filter ["Valid=Yes"] You are trying to block TCP/IP packets so make it an IP filter ["Type=IP"] #3 - You are trying to create an IP filter so select "Ip..." You say you want to block packets so you do not want to forward these packets ["Forward=No"] You say you do not want access to port 80 - this would be the destination port - the port the server is listening on. ["Dst Port Cmp=Eql", "Dst Port #=80"] You say you do not want access for the "web", so this would be TCP, which is IP protocol 6 ["Protocol=6"] Since you are trying to block the initial connection TCP request, not just the packets within the connection, use "TCP Estab=No" - the default (no change needed). You say you want to block traffic "from" a set of addresses so you need to use the "Src Adrs" and "Src Mask" fields to add this specification. This is the only tricky part, since you are not trying to block a network or subnet but just an arbitrary range of addresses. Your solutions are to (a) block a larger range of addresses (that matches a subnet) or (b) to use multiple rules that will block up to the full range or (c) to use multiple rules, one to block a larger range and then one or more to enable the necessary exceptions to the rule. I'll go the easy way and just block some extra addresses, since you want to "FORCE users" to use the web cache. You said "21-79". This does not fall fully into either of the 6-bit subnets 0-63 or 64-127, so picking the 7-bit subnet of 0-127 seems the only choice. So you want to match "Src Mask=255.255.255.128" and "Src Adrs=203.xx.xx.0" And there you have your filter. 90-504 Ip... Forward=No Src Mask=255.255.255.128 Src Adrs=203.129.22.0 Dst Mask=0.0.0.0 Dst Adrs=0.0.0.0 Protocol=6 Src Port Cmp=None Src Port #=N/A Dst Port Cmp=Eql Dst Port #=80 TCP Estab=No > (hmm why not incoming) Which interface are you installing your filters on? LAN A +----+ Pipeline +----+ MAX +----+ LAN B +----+ Router +----+ Internet If you are putting the filter on the LAN interface of the Pipeline then if you want to block packets from LAN A, it should be an "Input" filter. If you are putting the filter on the WAN interface of the Pipeline then if you want to block packets from LAN A, it should be an "Output" filter. If you are putting the filter on the WAN interface of the MAX then if you want to block packets from LAN A, it should be an "Input" filter. If you are putting the filter on the LAN interface of the MAX then if you want to block packets from LAN A, it should be an "Output" filter. ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>> </PRE> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <!--X-Follow-Ups-End--> <!--X-References--> <!--X-References-End--> <!--X-BotPNI--> <HR> <UL> <LI>Prev by Date: <STRONG><A HREF="msg11178.html">Re: (ASCEND) Pipeline 75, 2 channels, and ACO</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg11176.html">Re: (ASCEND) Pipeline 75, 2 channels, and ACO</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg11139.html">(ASCEND) Assistance with Filters</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg11141.html">(ASCEND) Re: Pipeline 220</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="maillist.html#11179"><STRONG>Main</STRONG></A></LI> <LI><A HREF="thrd256.html#11179"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> </BODY> </HTML>