User's guide

Example:
break ppp_label on ppp 0
# insert rule processing here for packets that are not on ppp 0
break end
ppp_label
# insert rule processing here for packets that are on ppp 0
on
The on option is used to specify the interface to which the rule applies and must be
followed by a valid interface name. For example, if you were only interested in applying a
particular rule to packets being transmitted or received by PPP 0, you would include
on ppp 0 in the rule. Valid interface names are either eth n, tun n or ppp n, where n is
the instance number.
oneroute
The oneroute option is used to specify that a rule will only match packets associated with
the specified eroute. For example, including the option oneroute 2 would cause the rule to
only match on packets transmitted or received over Eroute 2. The oneroute option can be
followed with the keyword any, which will match if the packet is on any eroute.
routeto
When the routeto option is specified and the firewall is processing a received packet, if
the rule is the last matching rule, then the packet is tagged as being required to be
routed to the specified interface.
For example:
pass in break end routeto eth 1 from 10.1.0.0/16 to 1.2.3.4 port=telnet
would ensure that all packets from 10.1.*.* to 1.2.3.4 on the telnet port are all routed to
ETH 1.
oosed
The oosed option is used to check the out of service status of an interface. For example,
including the option oosed ppp 1 would cause the rule to match only if interface PPP 1 is
out of service.
[tos]
The [tos] field may be used to specify the Type of Service (TOS) to match. If included, the
[tos] field consists of the keyword tos followed by a decimal or hexadecimal code
identifying the TOS to match. For example, to block any inbound packet on PPP 0 with a
TOS of 0 you would use a rule such as:
block in on ppp 0 tos 0
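A pre-load check for the option arguments described above (on, oneroute, routeto, oosed and tos), as an added example that is not part of the original guide or the product's own tooling. It checks option arguments only, not option order or the rest of the rule grammar; the 0x prefix for hexadecimal TOS codes, case-sensitive lowercase keywords, and the names lint_rule and lint_ruleset are assumptions.

```python
import re

IFACE_OPTS = {"on", "oosed", "routeto"}     # options followed by an interface name
IFACE_TYPES = {"eth", "tun", "ppp"}         # valid interface types per this section
NUM = re.compile(r"[0-9]+")
TOS = re.compile(r"0x[0-9a-fA-F]+|[0-9]+")  # assumption: hex codes use a 0x prefix

def lint_rule(rule):
    """Return the problems found in the option arguments of one rule line."""
    if rule.lstrip().startswith("#"):        # comment line, as in the break example
        return []
    toks = rule.split()
    problems = []
    for i, opt in enumerate(toks):
        args = toks[i + 1:i + 3]
        if opt in IFACE_OPTS:
            if len(args) < 2 or args[0] not in IFACE_TYPES or not NUM.fullmatch(args[1]):
                problems.append(f"{opt}: expected eth n, tun n or ppp n")
        elif opt == "oneroute":
            if not args or not (args[0] == "any" or NUM.fullmatch(args[0])):
                problems.append("oneroute: expected an eroute number or any")
        elif opt == "tos":
            ok = bool(args) and TOS.fullmatch(args[0]) is not None
            # The IP TOS field is one byte, so a code above 255 can never match.
            if not ok or int(args[0], 16 if args[0].startswith("0x") else 10) > 255:
                problems.append("tos: expected a decimal or hex code from 0 to 255")
    return problems

def lint_ruleset(text):
    """Map 1-based line numbers to problems for every rule line that has any."""
    found = {}
    for n, line in enumerate(text.splitlines(), 1):
        problems = lint_rule(line)
        if problems:
            found[n] = problems
    return found

# Constructed sample: lines 1-4 are taken from this section, lines 5-7 are
# deliberately malformed variants written for this example.
SAMPLE = """break ppp_label on ppp 0
# insert rule processing here for packets that are not on ppp 0
pass in break end routeto eth 1 from 10.1.0.0/16 to 1.2.3.4 port=telnet
block in on ppp 0 tos 0
block in on ppp0 tos 0x10
block in oneroute all
block in on eth 0 tos 300
"""

if __name__ == "__main__":
    for n, problems in lint_ruleset(SAMPLE).items():
        print(n, problems)
```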
[proto]
The [proto] field is used to specify a protocol to match and consists of the proto keyword
followed by one of the following protocol identifiers:
Identifier   Meaning
udp          UDP packet
tcp          TCP packet