User guide

ManualsBrandsEfficient Networks ManualsComputer equipmentRouter family Command line interface

191

192

193

194

195

196

197

198

199

200

192 Chapter 5. Command Line Interface Reference

If no line number is specified, the filter is appended to the end of the list; otherwise, it is appended after

the specified line. To see the line numbers, use the remote ipfilter list command. Filters are used in the

order they appear in their list.

remote ipfilter insert <type> <action> <parameters> <remoteName>

Inserts a filter in the list of filters for this <type> (Input, Output, or Forward) for this remote router entry.

If no line number is specified, the filter is inserted at the beginning of the list; otherwise, it is inserted

before the specified line. To see the line numbers, use the remote ipfilter list command. Filters are used

in the order they appear in their list.

remote ipfilter delete <type> <action> <parameters> <remoteName>

Deletes the first filter that matches the filter specified on the command.

remote ipfilter flush [<first line> [<last line>]] <type> <remoteName>

Deletes a range of filters of this <type> (Input, Output, or Forward) for this remote router entry.

If no line numbers are specified, all filters in the list are deleted. If only the first line number is specified,

all filters from that line to the end are deleted. To see the line numbers, use the remote ipfilter list

command. Filters are used in the order they appear in their list.

remote ipfilter clear [<first line> [<last line>]] [<type>] <clear arg> <remoteName>

Resets the counters for the specified filters. A filter has a counter if the -c parameter was specified for the

filter.

You can specify the filters whose counters are to be reset by their line number range and type (input,

output, or forward). If no type is specified, the counters for all filters for the interface are reset. If no line

numbers are specified, the counters for all filters for that type and interface are reset. If only the first line

number is specified, all counters for filters from that line to the end are reset. To see the line numbers and

counters, use the remote ipfilter list command.

remote ipfilter check <type> <parameters> <remoteName>

Checks the action that would be taken if a packet with the specified parameters was compared with the

list of filters defined for the specified type and remote router entry.

For example, the command

remote ipfilter check input -p TCP branch1

would check what action (accept, drop, reject, inipsec, outipsec) would be taken for a TCP packet after it

was compared with the list of input filters defined for remote router branch1.

remote ipfilter list <type> <remoteName>

Lists all filters of the specified <type> (Input, Output, or Forward) for this remote router entry.

remote ipfilter watch <on | off> [-q | -v] <remoteName>

Turns on or turns off the console watch for this remote router entry. If the watch is on, a message is

printed to the console serial port when a packet is dropped or rejected.

However, if the parameter -q (quiet) was specified for a filter, no message is printed when that filter

matches a packet. If the parameter -v (verbose) was specified for a filter, a message is printed whenever

that filter matches a packet, regardless of the filter action.