Filter Policies
7210 SAS D, E OS Router Configuration Guide Page 107
dst-port
Syntax dst-port {eq} dst-port-number
no dst-port
Context config>filter>ip-filter>entry>match
Description This command configures a destination TCP or UDP port number for an IP filter match criterion.
Note that an entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of
a fragmented packet since only the first fragment contains the L4 information.
The no form of the command removes the destination port match criterion.
Default none
Parameters dst-port-number — The destination port number to be used as a match criteria expressed as a decimal
integer.
Values 1 — 65535
fragment
Syntax fragment {true | false}
no fragment
Context config>filter>ip-filter>entry>match
Description Configures fragmented or non-fragmented IP packets as an IP filter match criterion. Note that an
entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented
packet since only the first fragment contains the L4 information.
The no form of the command removes the match criterion.
Default no fragment
Parameters true — Configures a match on all fragmented IP packets. A match will occur for all packets that have
either the MF (more fragment) bit set OR have the Fragment Offset field of the IP header set to a
non-zero value.
false — Configures a match on all non-fragmented IP packets. Non-fragmented IP packets are
packets that have the MF bit set to zero and have the Fragment Offset field also set to zero.
icmp-code
Syntax icmp-code icmp-code
no icmp-code
Context config>filter>ip-filter>entry>match
Description Configures matching on ICMP code field in the ICMP header of an IPpacket as a filter match
criterion. Note that an entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc)
To Next Page
Loading...
