User guide

Chapter 10: Configuring Firewall Settings
type. The fifth statement is a combination of the first and second statements. The sixth
statement is a combination of the first, second, and fourth statements.
1. ip src addr <IPv4-addr>
2. ip dst addr <IPv4-addr>
3. ip addr <IPv4-addr>
4. ip proto <protocol-type>
5. ip src addr <IPv4-addr> dst addr <IPv4-addr>
6. ip src addr <IPv4-addr> dst addr <IPv4-addr> proto <protocol-type>
Examples
ip addr 192.168.10.1/24
ip addr 192.168.10.0-192.168.10.255
Firewall conditions
TCP and UDP Conditions
You can specify TCP and UDP port numbers in decimal, octal, or hexadecimal notation.
The port’s value range is 0 through 65535.
tcp src port <TCP-UDP-port>
tcp dst port <TCP-UDP-port>
tcp dst port <TCP-UDP-port> src port <TCP-UDP-port>
udp src port <TCP-UDP-port>
udp dst port <TCP-UDP-port>
udp dst port <TCP-UDP-port> src port <TCP-UDP-port>
ICMP conditions
You can specify ICMP conditions in decimal, octal, or hexadecimal notation. You can find
the valid number for type and code at http://www.iana.org/assignments/icmp-parameters.
icmp type <protocol-type>
icmp code <message-code>
icmp type <protocol-type> code <message-code>
Expressions
An expression describes a list of header values that must match the clause’s protocol
parser. Each clause is directly responsible for matching a specific layer in the protocol
stack. The syntax and accepted range of values are determined by the clause. The expression
can be a single value, a comma-separated list of values, or a range set. Currently,
expressions exist to specify adapter numbers, IPv4 addresses, TCP and UDP port
numbers, ICMP message types and codes, and IP datagram protocol numbers.
<value>
<value>, <value>
<value> - <value>
Expressions that begin with an exclamation mark (!) are called not-expressions.
Not-expressions match all values except those you specify. Not-expressions that do not
match any values generate an error.
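
The following Python sketch is an added example, not code from the product or from this guide. It expands a TCP/UDP port expression into inclusive ranges so a rule can be reviewed before it is deployed, and it rejects a not-expression that would match no port. Assumptions: octal and hexadecimal use C-style prefixes, "!" negates the whole expression, and ranges may appear inside a comma-separated list.

```python
PORT_MIN, PORT_MAX = 0, 65535  # value range the guide gives for ports

def parse_number(token):
    """One port value. Assumed C-style notation: 0x.. is hex, leading 0 is octal."""
    token = token.strip().lower()
    if not (token.isascii() and token.isalnum()):
        raise ValueError(f"bad value {token!r}")
    if token.startswith("0x"):
        value = int(token[2:], 16)
    elif len(token) > 1 and token.startswith("0"):
        value = int(token[1:], 8)
    else:
        value = int(token, 10)
    if not PORT_MIN <= value <= PORT_MAX:
        raise ValueError(f"port {value} outside {PORT_MIN}-{PORT_MAX}")
    return value

def covers_everything(ranges):
    """True if the sorted inclusive ranges leave no port in 0..65535 uncovered."""
    next_uncovered = PORT_MIN
    for lo, hi in ranges:
        if lo > next_uncovered:
            return False
        next_uncovered = max(next_uncovered, hi + 1)
    return next_uncovered > PORT_MAX

def parse_port_expression(text):
    """Return (negated, ranges) with ranges a sorted list of inclusive (lo, hi)."""
    text = text.strip()
    negated = text.startswith("!")  # assumed: "!" negates the whole expression
    if negated:
        text = text[1:]
    ranges = []
    for item in text.split(","):
        lo_text, dash, hi_text = item.partition("-")
        lo = parse_number(lo_text)
        hi = parse_number(hi_text) if dash else lo
        if lo > hi:
            raise ValueError(f"reversed range {item.strip()!r}")
        ranges.append((lo, hi))
    ranges.sort()
    if negated and covers_everything(ranges):
        raise ValueError("not-expression matches no values")
    return negated, ranges

def matches(expression, port):
    """True if port satisfies the expression, honouring a leading "!"."""
    negated, ranges = parse_port_expression(expression)
    return any(lo <= port <= hi for lo, hi in ranges) != negated
```

Under the assumed notation, a value such as 0120 is port 80, not 120. This is the kind of mismatch worth checking when rules are written in mixed notation.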