User's guide

block return-icmp echorep log body break end proto icmp icmp-type echo
From REM TO LOC IFACE: ETH 0
45 IP Ver: 4
Hdr Len: 20
00 TOS: Routine
Delay: Normal
Throughput: Normal
Reliability: Normal
00 3C Length: 60
9C CC ID: 40140
00 00 Frag Offset: 0
Congestion: Normal
May Fragment
Last Fragment
80 TTL: 128
01 Proto: ICMP
0C E1 Checksum: 3297
64 64 64 19 Src IP: 100.100.100.25
64 64 64 32 Dst IP: 100.100.100.50
ICMP:
08 Type: ECHO REQ
00 Code: 0
04 5C Checksum: 1116
----------
Example: Text included in the EVENTLOG.TXT pseudo-file when the event sub-option is
specified:
16:26:32, 15 Aug 2002,Firewall Log Event: Line: 10, Hits: 3
Example: Syslog message where the body option is not specified:
2002-09-04 16:30:06 User.Info 100.100.100.50 Aug 15 16:31:59 arm.1140
IP Filter -
Filter Rule: block return-icmp unreach host-unr in log syslog break
end on eth 0 proto tcp from any to 100.100.100.50 port=telnet
Line: 10
Hits: 4
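
Added example (not from this guide or the vendor): a Python parser for the firewall syslog messages shown in these examples, covering both the form without the body option and the form with it, which appends a PKT: block. The name parse_filter_log and the exact field layout are assumptions taken from the samples on this page.

```python
import re

# Layout assumed from the samples on this page: "Filter Rule:" text, then
# "Line:" and "Hits:", then (body option only) "PKT:" and "Key: value" lines.
HEAD = re.compile(
    r"Filter Rule:\s*(?P<rule>.*?)\s*Line:\s*(?P<line>\d+)\s*Hits:\s*(?P<hits>\d+)",
    re.S)
FIELD = re.compile(r"^[ \t]*(?P<key>[A-Za-z][A-Za-z ]*?):[ \t]*(?P<val>\S.*?)[ \t]*$", re.M)


def parse_filter_log(msg):
    """Parse one firewall syslog message; return None if it is not one."""
    m = HEAD.search(msg)
    if m is None:
        return None
    rule = " ".join(m.group("rule").split())  # undo line wrapping in the rule
    rec = {"rule": rule, "action": rule.split()[0] if rule else None,
           "line": int(m.group("line")), "hits": int(m.group("hits")),
           "packet": None}
    _, found, body = msg[m.end():].partition("PKT:")
    if found:  # present only when the rule carries the body option
        rec["packet"] = {f.group("key"): f.group("val") for f in FIELD.finditer(body)}
    return rec


# Message text taken from the two syslog examples on this page.
NO_BODY = """IP Filter -
Filter Rule: block return-icmp unreach host-unr in log syslog break
end on eth 0 proto tcp from any to 100.100.100.50 port=telnet
Line: 10
Hits: 4"""

WITH_BODY = """IP Filter - Filter Rule: block return-icmp unreach port-unr in log
body syslog break end on eth 0 proto tcp from any to 100.100.100.50
port=telnet
Line: 9
Hits: 3
PKT:
Source IP: 100.100.100.25
Dest IP: 100.100.100.50
ID: 13317
TTL: 128
Protocol: TCP
Source Port: 1441"""

if __name__ == "__main__":
    for sample in (NO_BODY, WITH_BODY):
        print(parse_filter_log(sample))
```
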
Example: Syslog message where the body option is specified:
2002-08-30 16:19:59 User.Info 100.100.100.50 Aug 10 16:21:56 arm.1140
IP Filter - Filter Rule: block return-icmp unreach port-unr in log
body syslog break end on eth 0 proto tcp from any to 100.100.100.50
port=telnet
Line: 9
Hits: 3
PKT:
Source IP: 100.100.100.25
Dest IP: 100.100.100.50
ID: 13317
TTL: 128
Protocol: TCP
Source Port: 1441