User's guide

The vdscp action is very similar to the dscp action described above in that it adjusts the DSCP value in a packet. The difference, however, is that the change is virtual only: the actual packet is not modified, but it is processed as if it had the indicated DSCP value. Like the dscp action, a decimal or hex number must follow.

[in-out]
The [in-out] field can be in or out and specifies whether the rule applies to inbound or outbound packets. When the field is left blank, the rule is applied to any packet irrespective of its direction.

[options]
The [options] field defines a number of options that may be applied to packets matching the rule. These are:

log
When the log option is specified, the unit places an entry in the FWLOG.TXT file each time it processes a packet that matches the rule. This log normally details the rule that was matched along with a summary of the packet contents. If the log option is followed by the body sub-option, the complete IP packet is entered into the log file, so that when the log file is displayed a more detailed decode of the IP packet is shown.

The log field may also be followed by a further sub-option that specifies a different type of log output. This may be snmp, syslog or event.

If snmp is specified, an SNMP trap (containing similar information to the normal log entry) is generated when a packet matches the rule.

If syslog is specified, a syslog message is sent to the configured syslog manager IP address. This message contains the same information as that entered into the log file, but in a different format. If the body option has also been specified, some of the IP packet information is also included. Note that the size of the syslog message is limited to a maximum of 1024 bytes. The syslog message is sent with a default priority value of 14, which expands to facility USER and priority INFO.

If event is specified, the log output is copied to the EVENTLOG.TXT pseudo-file as well as to the FWLOG.TXT file. The event log entry contains the line number and hit count of the rule that caused the packet to be logged.

Example:
Say your local network is on subnet 192.168.*.* and you want to block any packets received on PPP 0 that are “pretending” to be on the local network, and to log the receipt of any such packets both to the FWLOG.TXT file and to a syslog server. The filter rule would be constructed as follows:

block in log syslog break end on ppp 0 from 192.168.0.0/16 to any

break
When the break option is specified it must be followed by a user-defined label name or the predefined end keyword. When followed by a label, the rule processor “jumps” to that label to continue processing. When followed by the end keyword, rule processing is terminated and the packet is treated according to the last matching rule.
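The following is an added simulator of the rule-walk semantics described above (blank direction matches either way, log sub-options, break to a label or to end, last matching rule decides); it is illustrative code, not the unit's firmware or its actual rule syntax. The Rule fields, the "pass" action name, the label field and the packet dictionary layout are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str          # e.g. "block"; "pass" is an assumed action name
    direction: str = ""  # "in", "out" or "" meaning either direction
    src: str = "any"     # source network in CIDR form, or "any"
    iface: str = ""      # e.g. "ppp 0"; "" means any interface
    log: str = ""        # "" or a log sub-option: "log", "syslog", "event"
    brk: str = ""        # "" (no break), "end", or a label name to jump to
    label: str = ""      # label carried by this rule (assumed representation)

def matches(rule, pkt):
    """True when the packet satisfies every field the rule constrains."""
    if rule.direction and rule.direction != pkt["dir"]:
        return False
    if rule.iface and rule.iface != pkt["iface"]:
        return False
    if rule.src != "any":
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule.src):
            return False
    return True

def evaluate(rules, pkt):
    """Walk the rules in order. Returns (verdict, [(rule index, log type)]);
    the verdict is the action of the last matching rule, or None."""
    last, logs, i = None, [], 0
    while i < len(rules):
        r = rules[i]
        if matches(r, pkt):
            last = r
            if r.log:
                logs.append((i, r.log))
            if r.brk == "end":     # break end: stop, last match decides
                break
            if r.brk:              # break <label>: continue at that rule
                i = next((j for j, x in enumerate(rules) if x.label == r.brk),
                         len(rules))  # unknown label: treat as end of list
                continue
        i += 1
    return (last.action if last else None), logs

# Constructed rule set: the page's anti-spoofing rule placed between two
# permit rules, so that without "break end" the later permit would win.
RULES = [
    Rule("pass"),
    Rule("block", "in", "192.168.0.0/16", "ppp 0", log="syslog", brk="end"),
    Rule("pass", "in", "any", "ppp 0"),
]
SPOOFED = {"dir": "in", "iface": "ppp 0", "src": "192.168.5.5"}  # constructed
```

Removing brk="end" from the second rule lets the spoofed packet fall through to the third rule and be passed, which is why the example rule on this page ends with break end.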