User guide
176 Chapter 5. Command Line Interface Reference
If -v (verbose) is specified, a message is printed every time this filter matches a packet, regardless of the filter
action.
The optional interface determines which Ethernet interface the Þlter applies to.
If the router has only one Ethernet interface, <interface> may be omitted.
If the router has two physical Ethernet interfaces (that is, a dual-port router), you must specify the port by its
number (0 or 1).
If logical interfaces have been defined for the physical Ethernet interface, the port number and the logical
interface number are specified (<port #>:<logical #>, for example, 0:1).
Examples:
eth ip filter flush input 0
This command deletes all IP filters of type ÒInputÓ on the Ethernet interface 0.
eth ip filter append forward deny
This command denies the forwarding of all IP traffic. This IP filter is useful as the "last" IP filter in a default
action.
ETH IP FIREWALL
The router supports IP Internet Firewall Filtering to prevent unauthorized access to your system and network
resources from the Internet. This filter discards packets received from the WAN that have a source IP address
recognized as a local LAN address. This command sets Ethernet Firewall Filtering on or off and allows you to list
the active state.
Note 1: This command requires a save and reboot before it takes effect.
Note 2: To perform Firewall Filtering, IP routing must be enabled.
ETH IP MGMT
This command assigns to an Ethernet interface an IP address which is to be used for management purposes only
and not for IP address translation. This management IP address is generally a private network address used solely
by the ISP.
eth ip firewall on | off | list
on Sets Þrewall Þltering on. IP routing must also be enabled for Þltering to be performed.
off Sets Þrewall Þltering off.
list Lists the current status of Þrewall Þltering.
Example:
# eth ip firewall list
The Internet firewall filter is currently on.
0 offending packets were filtered out.