Security Command Reference
Page 94 7705 SAR OS System Management Guide
Default no dst-ip
Parameters ip-address — the IP prefix for the IP match criterion in dotted-decimal notation
Values 0.0.0.0 to 255.255.255.255
mask — the subnet mask length expressed as a decimal integer
Values 1 to 32
netmask — the dotted-decimal equivalent of the mask length
Values 0.0.0.0 to 255.255.255.255
dst-port
Syntax dst-port tcp/udp port-number [mask]
no dst-port
Context config>system>security>cpm-filter>ip-filter>entry>match
Description This command specifies the TCP/UDP port to match the destination port of the packet.
The no form of the command removes the destination port match criterion.
The TCP or UDP protocol must be configured using the match command before this filter can be
configured.
Parameters tcp/udp port-number — the destination port number to be used as a match criterion
Values 0 to 65535 (accepted in decimal, hexadecimal, or binary format)
mask — the 16-bit mask to be applied when matching the destination port
fragment
Syntax fragment {true | false}
no fragment
Context config>system>security>cpm-filter>ip-filter>entry>match
Description This command configures fragmented or non-fragmented IP packets as an IP filter match criterion.
The no form of the command removes the match criterion.
Default false
Parameters true — configures a match on all fragmented IP packets. A match will occur for all packets that have
either the MF (More Fragments) bit set or have the Fragment Offset field of the IP header set to a
non-zero value.
false — configures a match on all non-fragmented IP packets. Non-fragmented IP packets are packets
that have the MF bit set to zero and have the Fragment Offset field also set to zero.
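
The following Python model is an added example, not part of the 7705 SAR OS guide or the router's own code. It shows how the dst-port mask and fragment criteria described above select packets. It assumes the mask is applied as (packet port AND mask) = (configured port AND mask), and that a non-first fragment, which carries no TCP/UDP header, cannot match a dst-port criterion; parse_ipv4, entry_matches and build are hypothetical helper names.

```python
import struct

def parse_ipv4(pkt: bytes):
    """Return (protocol, is_fragment, dst_port or None) for a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    mf = bool(flags_frag & 0x2000)         # MF bit
    offset = flags_frag & 0x1FFF           # Fragment Offset field
    proto = pkt[9]
    dst_port = None
    # Only the first fragment (offset 0) carries the TCP/UDP header.
    if proto in (6, 17) and offset == 0 and len(pkt) >= ihl + 4:
        dst_port = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return proto, (mf or offset != 0), dst_port

def entry_matches(pkt, protocol=None, dst_port=None, port_mask=0xFFFF, fragment=None):
    """Model of one filter entry; a criterion left as None is not configured."""
    proto, is_frag, pkt_port = parse_ipv4(pkt)
    if protocol is not None and proto != protocol:
        return False
    if fragment is not None and is_frag != fragment:
        return False
    if dst_port is not None:
        # Assumption: masked compare; no L4 header means no port match.
        if pkt_port is None or (pkt_port & port_mask) != (dst_port & port_mask):
            return False
    return True

def build(proto, dst_port, mf=False, offset=0):
    """Constructed sample packet: 20-byte IPv4 header plus 8 bytes of L4 data."""
    flags_frag = (0x2000 if mf else 0) | offset
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, flags_frag, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + struct.pack("!HHI", 40000, dst_port, 0)

if __name__ == "__main__":
    # Port 0x0400 with mask 0xFC00 covers destination ports 1024 to 2047.
    for port in (1023, 1024, 1500, 2047, 2048):
        print(port, entry_matches(build(17, port), protocol=17,
                                  dst_port=0x0400, port_mask=0xFC00))
```

In this model, an entry that matches only on dst-port never matches the later fragments of a fragmented packet, so those fragments need an entry of their own that uses the fragment criterion.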