Specifications
20-18 policy Commands
Examples
Thefollowingexampleentersthepolicy:<named‐policy>:apfilterscontextforthep1<named‐
policy>:
EWC.enterasys.com:policy:p1# ulfilterap enable
EWC.enterasys.com:policy:p1# apcustom enable
EWC.enterasys.com:policy:p1# apfilters
EWC.enterasys.com:policy:p1:apfilters#
20.5.11.1 create
Usethecreatecommandtocreate,insert,orappendanewAPcustomfilterforthis<named‐
policy>.Thecreatecommandisaccessiblefromthepolicy:<named‐policy>:apfilterscontext.
Ifadvancedfiltermodehasbeenenabledwiththeenable‐advance‐filteringcommand(page20‐3),
theAdvancedmodesyntaxispresented.If
advancedfiltermodeisnotenabled,theBasicmode
syntaxispresented.
Syntax
Basic mode syntax:
create <pos> proto <protocol> (<ipaddress/mask> | interface-subnet | interface-ip)
[(port <port> [<port>]) | (type <type> [<type>])] in (none|dst) out (none|src)
(allow | deny)
Advanced mode syntax:
create <pos> proto <protocol> (<ipaddress/mask> | interface-subnet | interface-ip)
[(port <port> [<port>]) | (type <type> [<type>])] in (none|src|dst|both) out
(none|src|dst|both) (allow | deny)
Parameters
<pos> Specifiesapositionvalueforthisfilterinthefilterlist.Validvaluesare
from0‐255.
proto<protocol> Specifiestheprotocolforthiscustomfilterbynumberorname.Valid
numbervaluesarefrom0‐255.Validnamevaluesare:
• udp - UDP protocol
• tcp - TCP protocol
• ah - Authentication Header protocol
• esp - Encapsulating Security Payload protocol
• all - All protocols
• icmp - ICMP protocol
• gre - Generic Route Encapsulation protocol
<ipaddress/mask> SpecifiesanIPaddressandmaskforthiscustomfilter.
interface‐mask SpecifiesthattheIPaddressandmaskconfiguredfortheassociated
topologywillbeusedforthiscustomfilter.
interface‐ip SpecifiestheIPaddressoftheassociatedtopologywillbeusedforthis
customfilter.