Our discussion is centered around the popular TheNet X-1J series of nodes, which are in wide use throughout Wisconsin. It's assumed you know some of the basics of node operation, such as what an alias is. We won't discuss much of the security aspects of node operation, just some general security concepts. While this series is not specifically aimed at the node user, it can be a good resource for the casual user who wants to know more about nodes. That said, we'll begin (and continue) alphabetically.
The first and second installments deal with one of the least understood node configuration commands - ACL. We'll take two parts to discuss this command as it is so complex and requires a lot of attention to function properly.
Numerical values are based on "bit values" that correspond to a particular action that you wish the node to take. These bit values, and the action associated with them, are shown in the table below:
0 - Prohibit incoming Level 2 connections
1 - Prohibit outgoing Level 2 connections
2 - Ignore node broadcasts from this particular station
3 - Prohibit Level 3 (node packets) operation from this particular station
4 - Prohibit Level 4 incoming connections associated with a particular station
5 - Prohibit Level 4 outgoing connections associated with a particular station
6 - Ignore a particular station's SSID on the ACL list
Now it's time for some additional discussion before we go any further. Forgive me while I delve into this; however, it is important to understand just what these levels mean in order to use ACL effectively.
Level Two connections can be considered the AX.25 connection between a regular user and a node. The ACL command can prohibit a user from making a connection to or from the node. This corresponds to bits 0 and 1. Bit 0 prohibits regular users from connecting to the node. Bit 1 will allow a user to connect to a node, but will only allow connections to other nodes (not other users).
Level Three connections are basically network management and relay. Setting the 3 bit will disallow relay of network node packets from or to the corresponding station on the ACL list.
Level Four connections are node-to-node connections. If a node call-sign has the 4 ACL bit set, this call-sign won't be able to connect. If this node call-sign has the 5 bit set for a node on the ACL list, it will be able to connect to your node, but your node will not be able to connect to it.
The remaining bits should be self-explanatory: ignoring node broadcasts and the SSID (Secondary Station Identification) bit do pretty much what you might think.
When it comes upon such a call-sign, it first looks at a "Mask" value that determines what the node should check for. The Mask value is designed to speed things up by restricting the number of checks that would need to be made for a particular call-sign.
For example, if we only need to ignore node broadcasts from a particular node, we would only set bit number 2 in the mask. This way, the computer only has to check for one thing instead of 7 things.
The other check that is made when a station attempts a connect is the "Default" value. The Default value is also chosen by the node operator and may be virtually any number. It's best, however, to keep it low, for reasons we will cover in our next part.
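To make the bit table and the Mask example concrete, here is an added Python sketch (not part of the original article and not TheNet code) that turns bit numbers into a numeric value and back, and shows which bits of an entry remain once a mask is applied. It assumes that bit n contributes 2 to the power n to the value and that the mask is combined with an entry by bitwise AND; the function names and the sample entry are made up for illustration.

```python
# Added example. Bit numbers and meanings are copied from the table above.
ACL_BITS = {
    0: "Prohibit incoming Level 2 connections",
    1: "Prohibit outgoing Level 2 connections",
    2: "Ignore node broadcasts from this station",
    3: "Prohibit Level 3 (node packets) operation from this station",
    4: "Prohibit Level 4 incoming connections",
    5: "Prohibit Level 4 outgoing connections",
    6: "Ignore this station's SSID on the ACL list",
}
MAX_VALUE = (1 << len(ACL_BITS)) - 1  # all seven bits set


def encode(bits):
    """Combine bit numbers into one value (assumption: bit n adds 2**n)."""
    value = 0
    for bit in bits:
        if bit not in ACL_BITS:
            raise ValueError(f"bit {bit} is not in the ACL table")
        value |= 1 << bit
    return value


def decode(value):
    """Return the bit numbers set in a numeric value, lowest first."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError("ACL value must be an integer")
    if not 0 <= value <= MAX_VALUE:
        raise ValueError(f"ACL value must be between 0 and {MAX_VALUE}")
    return [bit for bit in ACL_BITS if value & (1 << bit)]


def checked_bits(entry_value, mask):
    """Bits of an entry the node still checks (assumption: bitwise AND)."""
    decode(entry_value)  # validate both inputs before combining them
    decode(mask)
    return decode(entry_value & mask)


if __name__ == "__main__":
    entry = encode([0, 2, 4])   # constructed entry value for one station
    mask = encode([2])          # the article's mask example: only bit 2
    print("entry value:", entry, "mask value:", mask)
    for bit in decode(entry):
        state = "checked" if bit in checked_bits(entry, mask) else "masked out"
        print(f"  bit {bit} (+{1 << bit}) {state}: {ACL_BITS[bit]}")
```
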