Specifications

ManualsBrandsEfficient Networks ManualsComputer equipmentRouter family Command line interface

231

232

233

234

235

236

237

238

239

240

238 Chapter 8. Command Reference

eth ip filter insert <type> <action> <parameters> [<interface>]

Inserts a filter in the list of filters for this <type> and <interface>. The filter is specified by the <action>

and optional <parameters>.

If no line number is specified, the filter is inserted at the beginning of the list; otherwise, it is inserted

before the specified line. To see the line numbers, use the eth ip filter list command. Filters are used in

the order they appear in their list.

eth ip filter delete <type> <action> <parameters> [<interface>]

Deletes the first filter that matches the filter specified on the command.

eth ip filter flush [<first line> [<last line>]] <type> [<interface>]

Deletes a range of filters from the list for this <type> and <interface>.

If no line numbers are specified, all filters in the list are deleted. If only the first line number is specified,

all filters from that line to the end are deleted. To see the line numbers, use the eth ip filter list

command. Filters are used in the order they appear in their list.

eth ip filter clear [<first line> [<last line>]] [<type>] <clear arg> [<interface>]

Resets the counters for the specified filters. A filter has a counter if the -c parameter was specified when

the filter was defined.

You can specify the filters whose counters are to be reset by their line number range and type (input,

output, or forward). If no type is specified, the counters for all filters for the interface are reset. If no line

numbers are specified, the counters for all filters for that type and interface are reset. If only the first line

number is specified, all counters for filters from that line to the end of the list are reset. To see the line

numbers and counters, use the eth ip filter list command.

eth ip filter check <type> <parameters> [<interface>]

Checks the action that would be taken if a packet with the specified parameters was compared with the

list of filters defined for the specified type and interface. For example, the command

eth ip filter check input -p TCP 1

would check what action (accept, drop, reject, inipsec, outipsec) would be taken for a TCP packet after it

was compared with the list of input filters defined for port 1.

eth ip filter list <type> [<interface>]

Lists all filters of the specified <type> defined for the specified <interface>.

eth ip filter watch <on | off> [-q | -v] [<interface>]

Turns on or turns off the console watch for the interface. If the watch is on, a message is printed to the

console serial port when a packet is dropped or rejected. (The message is also sent to any Syslog servers;

see Syslog Client, on page 153.)

However, if the parameter -q (quiet) was specified for a filter, no message is printed when that filter

matches a packet. If the parameter -v (verbose) was specified for a filter, a message is printed whenever

that filter matches a packet, regardless of the filter action.

To see the messages, Telnet to the router and enter system log start. The watch does not continue after a

reboot; to resume the watch after a reboot, you must enter the eth ip filter watch on command again.