Intel® Business Client Software Development
Support for Intel® vPro™ software development and the technologies associated with Intel vPro platforms.
Announcements
This community is designed for sharing of public information. Please do not share Intel or third-party confidential information here.

Creating IPV4 filter for not allowing particular IP

MPala11
New Contributor II
152 Views

Hi,

I tried to create a filter which will not allow a particular IP using Manageability commander tool

Filter config as below

Filter Info
Direction:Receive(inbound Packets)
Profile:Statistics drop

Filter Matching Info
Filter Type:IP Packets
ProtocolVersion:IPV4
Address:x.x.x.22
Netmask:255.255.248.0
Direction :Receive(inbound)

Create a profile with default values and added the above Filter and enabled the policy in the AMT system.
Policy details
Default Rx filter: No action
Default Tx Filter:No action
Anti Spoofing Filter :No Action

If we ping from x.x.x.22, it will discard the request, since we disabled the receive and ping from other system will work
After enabling policy network of the system was disabled, not able to ping from any system.
Actually we have set filter for one IP address alone, so remaining IP's need to work, but not working
Is it possible to create filter that will not allow a particular IP?

Thanks,
Mani



0 Kudos
1 Solution
Andrew_S_Intel2
Employee
152 Views
I apologize if I'm not interpreting your question correctly, but if you just want to block one specific IP address, you should be able to use a netmask of 255.255.255.255. It's been a while since I used the filtering functionality, but I think the netmask you did specify (255.255.248.0) would block any IP address between X.X.1.1 and X.X.7.254.

View solution in original post

2 Replies
Andrew_S_Intel2
Employee
153 Views
I apologize if I'm not interpreting your question correctly, but if you just want to block one specific IP address, you should be able to use a netmask of 255.255.255.255. It's been a while since I used the filtering functionality, but I think the netmask you did specify (255.255.248.0) would block any IP address between X.X.1.1 and X.X.7.254.
MPala11
New Contributor II
152 Views
Hi Andrew ,
Thanks for the reply.

I found this article is useful for understanding system defense

Intel Active Management Technology System Defense and Agent Presence Overview

Thanks,
Mani

Reply