6.2.4 Remote Source Address/Port Filtering
3GPP TS 23.334, IP Multimedia Subsystem (IMS) Application Level Gateway (IMS-ALG) - IMS Access Gateway (IMS-AGW) interface: Procedures descriptions, Release 17
This procedure is identical to that of clause 6.2.1 apart from the IMS-ALG optionally specifying the required IP address and/or port to be used to screen received media packets on a termination.
This clause considers when the IMS-ALG is acting as an Entry point and remote source transport address filtering is required towards the external network.
As a security related option, on request from the IMS-ALG, filtering may be enabled to check/validate the source address or source address and port number of incoming packets from the external network. If the IMS-ALG requests address filtering, it may additionally provide an address specification, which may identify either a single address or a range of addresses, against which filtering is to be performed. The absence of such an address specification in the request shall implicitly request filtering against the IP address of the remote connection address. In addition to address filtering, the IMS-ALG may also request port filtering. If the IMS-ALG requests port filtering, it may additionally include either a port or a range of ports, against which filtering is to be performed. The absence of a port specification in the request shall implicitly request filtering against the port of the remote connection address.
If the IMS-AGW is requested to apply source IP address and possibly source port filtering, it shall only pass incoming IP packets from the identified source, and discard IP packets from other sources.
If remote source address filtering is required for the created termination, then the IMS-ALG shall include the information element "Remote source address filtering" in the request sent to the IMS-AGW. In addition, it may also include the information element "Remote source address mask" in order to request filtering of a range of addresses.
If remote source port filtering is required for the created termination (in addition to remote source address filtering), then the IMS-ALG shall include the information element "Remote source port filtering" in the request sent to the IMS-AGW. It may also include one of the information elements "Remote source port" or "Remote source port range".
Subsequently, the IMS-AGW shall apply filtering as requested to the packets arriving from the external network. Any arriving packet that does not meet the filtering requirement shall be discarded.
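The pass/discard decision described in this clause, including the implicit defaults to the remote connection address and port, is sketched below as an added example that is not part of the specification. The class `TerminationFilter`, its field names, and the modelling of the address mask as a CIDR prefix are assumptions; all addresses and ports are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class TerminationFilter:
    """Hypothetical model of one termination's filter state (names are assumptions)."""
    remote_addr: str                     # IP of the remote connection address
    remote_port: int                     # port of the remote connection address
    addr_filtering: bool = False         # "Remote source address filtering"
    addr_mask: Optional[str] = None      # "Remote source address mask", modelled as CIDR
    port_filtering: bool = False         # "Remote source port filtering"
    port: Optional[int] = None           # "Remote source port"
    port_range: Optional[Tuple[int, int]] = None  # "Remote source port range", inclusive

    def __post_init__(self):
        if self.port_filtering and not self.addr_filtering:
            raise ValueError("port filtering is requested in addition to address filtering")
        if self.port is not None and self.port_range is not None:
            raise ValueError("give a port or a port range, not both")

    def passes(self, src_ip: str, src_port: int) -> bool:
        """Return True if the packet is passed, False if it is discarded."""
        if not self.addr_filtering:
            return True
        src = ipaddress.ip_address(src_ip)
        # No address specification: filter against the remote connection address.
        allowed = ipaddress.ip_network(self.addr_mask or self.remote_addr, strict=False)
        if src.version != allowed.version or src not in allowed:
            return False
        if not self.port_filtering:
            return True
        if self.port_range is not None:
            low, high = self.port_range
            return low <= src_port <= high
        # No port specification: filter against the port of the remote connection address.
        return src_port == (self.port if self.port is not None else self.remote_port)


def demo():
    """Run constructed packets through an implicit filter and an explicit range filter."""
    implicit = TerminationFilter("192.0.2.10", 40000, addr_filtering=True, port_filtering=True)
    ranged = TerminationFilter("192.0.2.10", 40000, addr_filtering=True,
                               addr_mask="198.51.100.0/24",
                               port_filtering=True, port_range=(30000, 30010))
    packets = [("192.0.2.10", 40000), ("192.0.2.10", 40002), ("198.51.100.7", 30005), ("203.0.113.9", 40000)]
    return [(implicit.passes(*p), ranged.passes(*p)) for p in packets]
```

With an explicit address specification the remote connection address itself is no longer accepted unless it falls inside the specified range, as the first constructed packet shows for the `ranged` filter.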