Filter and Firewall
Left running head:
Chapter name (automatic)
694
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Command Reference Guide
Alcatel-Lucent
To Configure a Rule for a Filter:
[<1-65535>] match [any|all] <match-list name>...
{permit|deny [reset]}[log] [verbose] [timer <timer-object>]
The above command is used to configure rules (set priority for the rule, associate
match-lists and action) for a filter, and also set the action deny or permit for the
configured rules.
default {deny|permit}[log] [verbose]
This command sets a default action of either deny or permit on the filter. The
default action for a filter is “deny”. The reset keyword can be used in conjunction
only with the “deny” keyword.
The example below sets a permit rule so that only traffic defined by m1 is
permitted.
ALU(config)# ip filter f1
ALU(config-filter-f1)# 10 match m1 permit log
The example below configures a deny rule with reset option on traffic as defined in
m1.
ALU(config-filter-f1)# 10 match m1 deny reset
Parameter Description
1-65535 Denotes the filter rule number. The
range for the filter rule.
match [any|all] <match-list
name>
match all - In this type of match, the
relevant action is performed only when
all the match-list criteria is satisfied.
match any - In this type of match, the
relevant action is performed even if any
one of the match-list criterion is satisfied.
deny This command prohibits the traffic
through it.
permit This command allows traffic through it.
The filter has to be set to this mode to
enable it.
deny[reset] Keyword "deny reset" sends TCP RST to
the source, for TCP traffic that matches
the classification, and drops packets for
other non-TCP traffic.
log Logs the first packet of a session.
verbose Logs all packets of a session.
timer-object The name of the time range.
default {deny|permit} If no match cases are given, this default
keyword is used to just configure a
permit or deny on all the incoming traffic.
To Next Page
Loading...
