The Gate Management and Gate Control packages define a number of properties to support gate
management procedures at the boundary between two IP transport domains.
The packages in this Recommendation allow a Media Gateway (MG) to be configured to filter
packets based on rules for different criteria such as source address/port, destination address/port,
incoming protocol and/or outgoing protocol. The protocol filtering may be at the internet protocol
(IP) layer, transport protocol layer i.e. UDP/TCP or on a higher layer i.e. HTTP. Once a packet is
matched to any or all of the filter rules then the packet may be admitted (received and/or forwarded)
or discarded according to the behaviour specification.
These filtering rules have been placed in different packages to allow for different MG
configurations to be deployed according the gate management / control or firewall situation needed.
The filtering rules may be placed on an individual termination or the Root termination, thus
allowing the filtering policy to be set on a per call/stream basis or on a media gateway as a whole.
This policy may be set by the Media Gateway Controller (MGC) or by management action.
1.1 Typical applications for gate control/management
Filtering capabilities for IP network infrastructure is a wide topic. H.248.43 supports the flexible
definition of many different filter types and combinations of these filters. Such filters may be
applied in order to satisfy similar (operational security) requirements for IP traffic as e.g. outlined
by [b-IETF RFC 3871], or to address similar protocol specific attacks as e.g. identified by [b-IETF
RFC 4778], or to built similar filter structures as e.g. described by [b-IETF draft opsec-filter-caps].