Security
7705 SAR OS System Management Guide 97
fragment
Syntax fragment {true | false}
no fragment
Context config>system>security>cpm-filter>ip-filter>entry>match
Description This command configures fragmented or non-fragmented IP packets as an IP filter match criterion.
The no form of the command removes the match criterion.
This command applies to IPv4 filters only.
Default false
Parameters true — configures a match on all fragmented IP packets. A match occurs for every packet that has either the MF (More Fragments) bit set or the Fragment Offset field of the IP header set to a non-zero value.
false — configures a match on all non-fragmented IP packets. Non-fragmented IP packets are packets that have the MF bit set to zero and the Fragment Offset field also set to zero.
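The match rule described above, worked through on raw IPv4 headers. This is an added example, not code from the 7705 SAR OS guide or software; the function names, sample addresses and sample headers are constructed for illustration.

```python
import struct

def ipv4_fragment_fields(header: bytes):
    """Return (df, mf, fragment_offset) from a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("IPv4 header is at least 20 bytes")
    if header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    # Bytes 6-7: 3 flag bits (reserved, DF, MF) followed by a 13-bit offset.
    (flags_frag,) = struct.unpack_from("!H", header, 6)
    df = bool(flags_frag & 0x4000)
    mf = bool(flags_frag & 0x2000)
    offset = flags_frag & 0x1FFF  # counted in 8-byte units
    return df, mf, offset

def matches_fragment(header: bytes, criterion: bool) -> bool:
    """Evaluate 'fragment true' (criterion=True) or 'fragment false'."""
    _, mf, offset = ipv4_fragment_fields(header)
    is_fragment = mf or offset != 0
    return is_fragment == criterion

def build_header(mf=False, df=False, offset=0, proto=1):
    """Constructed sample header (checksum left at 0; not used here)."""
    flags_frag = (0x4000 if df else 0) | (0x2000 if mf else 0) | (offset & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, flags_frag,
                       64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

# Constructed samples covering each position in a fragmented datagram.
SAMPLES = {
    "whole packet, DF set": build_header(df=True),
    "first fragment": build_header(mf=True, offset=0),
    "middle fragment": build_header(mf=True, offset=185),
    "last fragment": build_header(mf=False, offset=370),
}

def classify_all():
    """Map each sample name to whether 'fragment true' would match it."""
    return {name: matches_fragment(h, True) for name, h in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in classify_all().items():
        print(f"{name:22s} fragment true -> {'match' if hit else 'no match'}")
```

The first fragment has a zero offset and is recognised only through MF, while the last fragment has MF cleared and is recognised only through its non-zero offset, which is why the criterion tests both fields.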
icmp-code
Syntax icmp-code icmp-code
no icmp-code
Context config>system>security>cpm-filter>ip-filter>entry>match
config>system>security>cpm-filter>ipv6-filter>entry>match
Description This command configures matching on an ICMP code field in the ICMP header of an IP packet as an IP filter match criterion.
The ICMP protocol must be configured using the match command before this filter can be configured.
The no form of the command removes the criterion from the match entry.
Default no icmp-code
Parameters icmp-code — specifies the ICMP code values that must be present to match
Values 0 to 255 (values can be expressed in decimal, hexadecimal, or binary – DHB)
keywords — none | network-unreachable | host-unreachable | protocol-unreachable | port-unreachable | fragmentation-needed | dest-network-unknown | dest-host-unknown