User Guide
138 Chapter 5. Command Line Interface Reference
-sm <source ip mask>
where <source ip mask>, when present, defines a mask to use when comparing the <first source ip addr>...<last source ip addr> with the source IP address in the IP packet. If not specified, the source IP mask is set to 255.255.255.255.
-sp <first source port>[:<last source port>]
where <first source port> defines the first or only source port and <last source port>, if present, defines the last source port in a range. If not specified, the <first source port> is assumed to be 0, the <last source port> is assumed to be 0xffff.
-da <first dest ip addr>[:<last dest ip addr>]
where <first dest ip addr> defines the first or only destination IP address and <last dest ip addr>, if present, defines the last destination IP address in a range. If not specified, <first dest ip addr> is assumed to be 0.0.0.0, <last dest ip addr> is assumed to be 255.255.255.255.
-dm <dest ip mask>
where <dest ip mask>, when present, defines a mask to use when comparing the <first dest ip addr>...<last dest ip addr> with the destination IP address in the IP packet. If not specified, the destination IP mask is set to 255.255.255.255.
-dp <first dest port>[:<last dest port>]
where <first dest port> defines the first or only destination port and <last dest port>, if present, defines the last destination port in a range. If not specified, the <first dest port> is assumed to be 0, the <last dest port> is assumed to be 0xffff.
-b
This option indicates that this filter should be tested twice; the first time with the source filter
information matched against the source information in the IP packet and the destination filter
information matched against the destination information in the IP packet; and the second time
with the source filter information matched against the destination information in the IP packet
and the destination filter information matched against the source information in the IP packet.
-c <count of times rule used>
indicates how many IP packets have matched this filter since the router was rebooted.
-tcp syn|ack|noflag
where syn is the TCP SYN flag, ack is the TCP ACK flag, and noflag means that there is a TCP packet and neither the SYN flag nor the ACK flag is set. This option is ignored if the IP packet is not a TCP packet. Unless specified, the TCP SYN and TCP ACK flags are not checked when the IP packet is matched with this filter.
Note: You may specify more than one -tcp option in an IP filter. For example, to match this IP filter against the initiation of a TCP connection, use -tcp syn. The IP packets that will match this IP filter have the TCP SYN flag set but not the TCP ACK flag. To match the response to the initiation of a TCP connection, -tcp syn -tcp ack are needed. Only IP packets with both the TCP SYN and TCP ACK flags set would match this IP filter.
port#
Ethernet interface number. Can be 0 or 1.
Examples:
eth ip filter flush input 0
This command deletes all IP filters of type “Input” on the Ethernet interface 0.
eth ip filter append forward deny
This command denies the forwarding of all IP traffic. This IP filter is useful as the "last" IP filter in a
default action.
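As an added example (not code from the router or this guide), the matching rules above modelled in Python: the defaults for unspecified options, the mask comparison for the address ranges, the second pass with source and destination swapped that -b requests, the -tcp flag tests (including noflag and the non-TCP case), and the -c match counter. The packet dictionary layout, and the mask being applied to both the range bounds and the packet address, are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional

def _ip(dotted: str) -> int:
    # Dotted-quad IPv4 string to integer for masked range comparisons.
    return int(ipaddress.IPv4Address(dotted))

@dataclass
class IpFilter:
    # Defaults mirror the reference text: any address, any port, exact masks.
    sa_first: str = "0.0.0.0"             # <first source ip addr>
    sa_last: str = "255.255.255.255"      # <last source ip addr>
    sm: str = "255.255.255.255"           # -sm <source ip mask>
    sp_first: int = 0                     # -sp <first source port>
    sp_last: int = 0xFFFF                 # -sp ...:<last source port>
    da_first: str = "0.0.0.0"             # -da <first dest ip addr>
    da_last: str = "255.255.255.255"      # -da ...:<last dest ip addr>
    dm: str = "255.255.255.255"           # -dm <dest ip mask>
    dp_first: int = 0                     # -dp <first dest port>
    dp_last: int = 0xFFFF                 # -dp ...:<last dest port>
    bidir: bool = False                   # -b
    tcp: Optional[FrozenSet[str]] = None  # -tcp options given; None = flags not checked
    count: int = 0                        # -c: packets matched since reboot

    @staticmethod
    def _addr_ok(first: str, last: str, mask: str, addr: str) -> bool:
        # ASSUMPTION: the mask is applied to both range bounds and the packet address.
        m = _ip(mask)
        return (_ip(first) & m) <= (_ip(addr) & m) <= (_ip(last) & m)

    def _one_way(self, src, sport, dst, dport) -> bool:
        return (self._addr_ok(self.sa_first, self.sa_last, self.sm, src)
                and self.sp_first <= sport <= self.sp_last
                and self._addr_ok(self.da_first, self.da_last, self.dm, dst)
                and self.dp_first <= dport <= self.dp_last)

    def matches(self, pkt: dict) -> bool:
        # pkt keys (constructed layout): src, dst, sport, dport, proto, syn, ack
        if self.tcp is not None and pkt["proto"] == "tcp":   # ignored for non-TCP
            want = set() if "noflag" in self.tcp else set(self.tcp)
            have = {f for f in ("syn", "ack") if pkt.get(f)}
            if have != want:  # "-tcp syn" alone means SYN set and ACK clear
                return False
        hit = self._one_way(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if not hit and self.bidir:  # -b: second test with source/destination swapped
            hit = self._one_way(pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if hit:
            self.count += 1
        return hit
```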