User's guide

479
Keyword   Std. Port   Service
telnet    23          Telnet server port
smtp      25          SMTP server port
http      80          Web server port
pop3      110         Mail server port
sntp      123         NTP server port
ike       500         Source/destination port for IKE key exchange
xot       1998        Destination port for XOT packets
Note:
The service keywords above are pre-defined shorthand for the "standard" port numbers only. The filter matches the port number carried in the packet, not the protocol actually in use, so a service that has been configured on a different port on your system is not matched by its keyword. In that case use the port number explicitly rather than the keyword.
Filtering on TCP Flags
An ip-object can be followed by an optional [flags] field, which allows the script to filter on any combination of TCP flags. The [flags] field consists of the flags keyword followed by a string specifying the flags to check. Each letter in this string represents one flag, as listed below:
Code   Flag
f      FIN flag
r      RESET flag
s      SYN flag
p      PUSH flag
u      URG flag
a      ACK flag
These flag codes allow the filter to check any combination of flags.
Following on from the previous example, to block packets that have all six flags set (a combination that no legitimate TCP stack sends), the following block rule must precede the pass rule, because rules are evaluated in order:
block break end from any to 10.1.2.0/24 port=telnet flags frspua
Here, the list of flags causes the unit to check that every listed flag is set. The list may optionally be followed by an exclamation mark ("!") and a second list of flags that the unit should check are clear.
For example:
flags s!a
would match packets with the SYN flag set and the ACK flag clear, ignoring all other flags. In TCP terms that is the initial SYN of a new connection, as opposed to the SYN/ACK reply or the packets of an established connection, so a rule with this field selects inbound connection attempts specifically.
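The following is an added worked example, not code from the guide or from the unit's firmware, showing how the service keyword table and the flags SET!CLEAR field described above can be evaluated against a packet's TCP flag byte. It assumes the standard TCP header bit positions for each flag letter (the guide defines only the letters, not bit values), assumes plain first-match rule ordering (the break and end keywords of the unit's rule syntax are not modelled), and matches only destination port and flags, ignoring addresses. The sample packets are constructed, not captured traffic.

```python
"""Evaluate the guide's 'flags SET!CLEAR' field and service keywords
against TCP flag bytes.  Added example; assumptions are noted inline."""

# Assumed standard TCP flag bit positions, keyed by the guide's letters.
FLAG_BITS = {
    "f": 0x01,  # FIN
    "s": 0x02,  # SYN
    "r": 0x04,  # RST
    "p": 0x08,  # PSH
    "a": 0x10,  # ACK
    "u": 0x20,  # URG
}

# The pre-defined service keywords from the table on this page.
SERVICE_PORTS = {
    "telnet": 23, "smtp": 25, "http": 80, "pop3": 110,
    "sntp": 123, "ike": 500, "xot": 1998,
}


def parse_flags(spec):
    """Parse 'frspua' or 's!a' into (must_be_set, must_be_clear) bit masks.
    Letters before '!' must be set, letters after it must be clear, and
    any flag in neither list is ignored.  An unknown letter raises KeyError
    so a typo fails closed instead of silently matching everything."""
    set_part, _, clear_part = spec.lower().partition("!")
    must_set = 0
    must_clear = 0
    for ch in set_part:
        must_set |= FLAG_BITS[ch]
    for ch in clear_part:
        must_clear |= FLAG_BITS[ch]
    if must_set & must_clear:
        raise ValueError("flag listed as both set and clear: %r" % spec)
    return must_set, must_clear


def flags_match(tcp_flags, spec):
    """True if every SET flag is on and every CLEAR flag is off."""
    must_set, must_clear = parse_flags(spec)
    return (tcp_flags & must_set) == must_set and (tcp_flags & must_clear) == 0


def resolve_port(token):
    """Accept an explicit port number or one of the table's keywords."""
    if token.isdigit():
        return int(token)
    return SERVICE_PORTS[token.lower()]


def rule_matches(rule, packet):
    """Match the destination-port and flags part of a rule (assumed dict
    form) against a packet; addresses are deliberately not modelled."""
    if packet["dst_port"] != resolve_port(rule["port"]):
        return False
    if "flags" in rule and not flags_match(packet["flags"], rule["flags"]):
        return False
    return True


def first_match(rules, packet):
    """First-match evaluation (assumed), which is why the guide says the
    block rule must precede the pass rule.  Returns the action or None."""
    for rule in rules:
        if rule_matches(rule, packet):
            return rule["action"]
    return None


# Constructed sample packets, all to the telnet port.
XMAS_ALL = {"dst_port": 23, "flags": 0x3F}  # FIN|SYN|RST|PSH|ACK|URG
NEW_SYN  = {"dst_port": 23, "flags": 0x02}  # first packet of a connection
SYN_ACK  = {"dst_port": 23, "flags": 0x12}  # server's reply
ACK_DATA = {"dst_port": 23, "flags": 0x18}  # PSH|ACK, established stream

# The page's block rule ahead of a pass rule for the same port.
RULES = [
    {"action": "block", "port": "telnet", "flags": "frspua"},
    {"action": "pass", "port": "telnet"},
]

if __name__ == "__main__":
    for name, pkt in [("all flags", XMAS_ALL), ("new SYN", NEW_SYN),
                      ("SYN/ACK", SYN_ACK), ("data", ACK_DATA)]:
        print(name, "->", first_match(RULES, pkt),
              "| s!a matches:", flags_match(pkt["flags"], "s!a"))
```

Reversing the two rules in RULES makes the all-flags packet pass, which is the ordering mistake the guide's wording warns against; the s!a column in the output shows that only the initial SYN is selected by that field.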