User Guide

152 Chapter 5. Command Line Interface Reference
command

append <type> <action> <parameters>   Append a filter to the end of this <type>.
insert <type> <action> <parameters>   Insert a filter at the front of this <type>.
delete <type> <action> <parameters>   Delete the first filter matching this filter.
flush <type>                          Delete all filters of this <type> from this interface.
check <type> <parameters>             Check the action to take (Accept, Drop, Reject) based on the parameters.
list <type>                           List all filters of a <type> on this interface.
watch on | off                        Print out a message to the console if a packet to or from this remote is dropped or rejected.

type     input | output | forward
action   accept | drop | reject

parameters

Each IP filter can have any combination of the following parameters used for matching against the IP packet. Below are the option/value pairs currently possible:

-p <protocol>|TCP|UDP|ICMP
where <protocol> is an IP protocol number or the string TCP, UDP, ICMP. If <protocol> is 0 (or the -p option is not specified), this IP filter will match any protocol.

-sa <first source ip addr>[:<last source ip addr>]
where <first source ip addr> defines the first or only source IP address and <last source ip addr>, if present, defines the last source IP address in a range. If not specified, <first source ip addr> is assumed to be 0.0.0.0, <last source ip addr> is assumed to be 255.255.255.255.

-sm <source ip mask>
where <source ip mask>, when present, defines a mask to use when comparing the <first source ip addr>...<last source ip addr> with the source IP address in the IP packet. If not specified, the source IP mask is set to 255.255.255.255.

-sp <first source port>[:<last source port>]
where <first source port> defines the first or only source port and <last source port>, if present, defines the last source port in a range. If not specified, the <first source port> is assumed to be 0, the <last source port> is assumed to be 0xffff.

-da <first dest ip addr>[:<last dest ip addr>]
where <first dest ip addr> defines the first or only destination IP address and <last dest ip addr>, if present, defines the last destination IP address in a range. If not specified, <first dest ip addr> is assumed to be 0.0.0.0, <last dest ip addr> is assumed to be 255.255.255.255.

-dm <dest ip mask>
where <dest ip mask>, when present, defines a mask to use when comparing the <first dest ip addr>...<last dest ip addr> with the destination IP address in the IP packet. If not specified, the destination IP mask is set to 255.255.255.255.
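
An added example, not taken from the guide or the product: a Python model of the option syntax above that applies the documented defaults and matches a packet against a filter. The mask comparison in `addr_ok`, the first-match-wins walk in `check`, and returning None when no filter matches are assumptions the page does not state; all function names are hypothetical.

```python
import ipaddress

PROTOCOLS = {"TCP": 6, "UDP": 17, "ICMP": 1}  # IANA protocol numbers

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_range(text, conv):
    """Parse 'first[:last]'; a single value is a one-element range."""
    first, _, last = text.partition(":")
    lo = conv(first)
    hi = conv(last) if last else lo
    if lo > hi:
        raise ValueError(f"range start exceeds end: {text}")
    return lo, hi

def parse_filter(params):
    """Turn option/value pairs into a filter, starting from the documented defaults."""
    f = {"p": 0, "sa": (0, 0xFFFFFFFF), "sm": 0xFFFFFFFF,
         "sp": (0, 0xFFFF), "da": (0, 0xFFFFFFFF), "dm": 0xFFFFFFFF}
    tokens = params.split()
    if len(tokens) % 2:
        raise ValueError("every option needs a value")
    for opt, val in zip(tokens[::2], tokens[1::2]):
        if opt == "-p":
            f["p"] = PROTOCOLS[val.upper()] if val.upper() in PROTOCOLS else int(val, 0)
        elif opt in ("-sa", "-da"):
            f[opt[1:]] = parse_range(val, ip_int)
        elif opt in ("-sm", "-dm"):
            f[opt[1:]] = ip_int(val)
        elif opt == "-sp":
            f["sp"] = parse_range(val, lambda s: int(s, 0))
        else:
            raise ValueError(f"unknown option: {opt}")
    return f

def addr_ok(addr, rng, mask):
    # Assumed semantics: mask the packet address and both range ends, then compare.
    return (rng[0] & mask) <= (addr & mask) <= (rng[1] & mask)

def matches(f, proto, src, sport, dst):
    return (f["p"] in (0, proto)
            and addr_ok(ip_int(src), f["sa"], f["sm"])
            and f["sp"][0] <= sport <= f["sp"][1]
            and addr_ok(ip_int(dst), f["da"], f["dm"]))

def check(filters, proto, src, sport, dst):
    """Assumed first-match-wins walk of (action, filter) pairs; None if nothing matches."""
    for action, f in filters:
        if matches(f, proto, src, sport, dst):
            return action
    return None
```

Under the first-match assumption, a broad accept placed ahead of a narrower drop shadows it, so the result of `check` is worth confirming after any `insert` or `append`.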