User Guide

8 Firewall Commands
3EC 16982 AFAA TCZZA Ed. 01
firewall match
Match a specified IP packet against a chain in order to determine what the reaction of the
firewall would be.
This command can be considered the same as the firewall rule create command, but without
the action to be taken.
SYNTAX:
firewall match chain = <string>
               [srcintf = <string>]
               [src = <ip-address>]
               [srcbridgeport = <number>]
               [dstintf = <string>]
               [dst = <ip-address>]
               [tos = <number>]
               [prot = <{tcp|udp|icmp|protocol}>]
               [syn = <yes|no>]
               [urg = <yes|no>]
               [ack = <yes|no>]
               [srcport = <{ftp|ftp-data|telnet|mail|smtp|dns|domain|tftp|port}>]
               [dstport = <{ftp|ftp-data|telnet|mail|smtp|dns|domain|tftp|port}>]
               [icmptype = <{echo-reply|destination-unreachable|source-quench|
                            redirect|echo-request|router-advertisement|
                            router-solicitation|time-exceeded|parameter-problems|
                            timestamp-request|timestamp-reply|
                            information-request|information-reply|
                            address-mask-request|address-mask-reply|
                            icmpnumber}>]
               [icmpcode = <number{0-15}>]
chain            The name of the chain to match the packet against.                REQUIRED
[srcintf]        The name of the interface the virtual packet arrived on.          OPTIONAL
[src]            The source IP address the virtual packet is coming from.          OPTIONAL
[srcbridgeport]  A number between 0 and 6.                                         OPTIONAL
                 Represents the bridge port the virtual packet arrived on.
                 Execute bridge iflist for a list of available bridge ports.
[dstintf]        The name of the interface the virtual packet is going to.         OPTIONAL
[dst]            The destination IP address the virtual packet is going to.        OPTIONAL
[tos]            A number between 0 and 255.                                       OPTIONAL
                 Represents the Type Of Service specification which should be
                 expected [or NOT expected] in the IP packet. The Type of Service
                 numbering specification is in accordance with the latest version
                 of RFC1700: Assigned numbers.
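
An added example, not part of the original guide: a Python helper that checks a virtual-packet description against the value sets and ranges in the SYNTAX block above and emits the corresponding firewall match line, for scripted checks of a chain. The name=value spelling without spaces, the reading of port, protocol and icmpnumber as plain numbers, and the function names are assumptions.

```python
import ipaddress

PORTS = {"ftp", "ftp-data", "telnet", "mail", "smtp", "dns", "domain", "tftp"}
ICMP_TYPES = {
    "echo-reply", "destination-unreachable", "source-quench", "redirect",
    "echo-request", "router-advertisement", "router-solicitation",
    "time-exceeded", "parameter-problems", "timestamp-request",
    "timestamp-reply", "information-request", "information-reply",
    "address-mask-request", "address-mask-reply"}
RANGES = {"srcbridgeport": (0, 6), "tos": (0, 255), "icmpcode": (0, 15)}
# Assumption: the trailing "protocol", "port" and "icmpnumber" alternatives in
# the SYNTAX block stand for a plain number up to the limit given here.
NAMED = {"prot": ({"tcp", "udp", "icmp"}, 255), "srcport": (PORTS, 65535),
         "dstport": (PORTS, 65535), "icmptype": (ICMP_TYPES, 255)}
ORDER = ("chain srcintf src srcbridgeport dstintf dst tos prot syn urg ack "
         "srcport dstport icmptype icmpcode").split()


def _in_range(text, lo, hi):
    return text.isdigit() and lo <= int(text) <= hi


def check(name, value):
    """Return value as text if it fits the documented form, else raise."""
    text = str(value)
    if name in RANGES:
        ok = _in_range(text, *RANGES[name])
    elif name in NAMED:
        names, top = NAMED[name]
        ok = text in names or _in_range(text, 0, top)
    elif name in ("syn", "urg", "ack"):
        ok = text in ("yes", "no")
    elif name in ("src", "dst"):
        ipaddress.ip_address(text)  # raises ValueError when malformed
        ok = True
    else:  # chain, srcintf, dstintf are <string>; assumed to be one token
        ok = bool(text) and not any(c.isspace() for c in text)
    if not ok:
        raise ValueError(f"{name}: {value!r} does not fit the documented form")
    return text


def build_match(**params):
    """Build one `firewall match` line, parameters in the documented order."""
    if "chain" not in params or set(params) - set(ORDER):
        raise ValueError("chain is REQUIRED; other names must be in SYNTAX")
    parts = [f"{n}={check(n, params[n])}" for n in ORDER if n in params]
    return "firewall match " + " ".join(parts)
```

For instance, build_match(chain="input", src="192.0.2.10", prot="tcp", dstport="telnet", syn="yes") describes a TCP SYN to the telnet port; the chain name and address are constructed sample values.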