User manual

Chapter 4 - Layer 3 Command Set - IP Networking Ipfw Command (IP Firewall)

Alvarion BreezeNET B130/B300 GigE 179 Operational User Manual

Example:

ipfw add reject all from mac 0012345678 to 0/0

ipfw addout reject all from 0/0 to mac 0012345678

ipfw add rf1 reject all from mac $ACL to 0/0

ipfw add reject all from 0/0 to not 1.1.1.0/24

Ports list is set as a simple enumeration of ports separated by space bars.

The first element in the list can be a port couple separated by a semicolon. These

ports will specify a port values range (from the smallest to the biggest inclusively).

One can specify up to 10 ports in the list.

The packets which are not a first fragment of the fragmented IP-packets are not

checked to fulfill the port number restrictions (as a port number is specified only

in the first fragment). If the first fragment is filtered the rest of the fragments will

be rejected by the target machine IP-protocol.

Modifiers field is used for the additional packet characteristics which can be

considered by the filter.

Possible values:

 tcp_connection

The filter is referred only to the packets of an establishing a TCP-connection.

Connection is synonym of tcp_connection. Technically, a packet for requesting a

connection has a TCP header with SYN flag set and ACK flag cleared.

 ip_fragment

The filter refers only to fragmented packets. Technically, either offset field in the

packet has non-zero value or a more fragments bit is set.

 ip_head_fragment

The filter is applied only to the first fragment of the fragmented packet.

Technically an offset field in the packets has non-zero value or a more fragments

bit is set.

 ip_tail_fragment