Network Security > Packet Filter > Overview
Network Security
156
RM GUI HiSecOS EAGLE20/30
Release
3.0
09/2015
Protocol Displays the IP protocol to which the rule is restricted. The device applies
the rule exclusively to packets of the specified IP protocol.
Possible values:
icmp
Internet Control Message Protocol (RFC 792)
igmp
Internet Group Management Protocol
ipip
IP in IP tunneling (RFC 1853)
tcp
Transmission Control Protocol (RFC 793)
udp
User Datagram Protocol (RFC 768)
esp
IPsec Encapsulated Security Payload (RFC 2406)
ah
IPsec Authentication Header (RFC 2402)
icmpv6
Internet Control Message Protocol for IPv6
any
The device applies the NAT rule to every data packet without
considering the IP protocol.
Parameter Displays additional parameters for this rule.
Possible values:
none
(default setting)
You have not specified any additional parameters for this rule.
mac=de:ad:de:ad:be:ef
This rule applies to packets with the source MAC address
de:ad:de:ad:be:ef
.
type=<0..255>
This rule applies to packets with a specific ICMP type. Enter exactly
one value (for the meaning of these values see RFC 792)
code=<0..255>
This rule applies to packets with a specific ICMP code. Enter exactly
one value (for the meaning of these values see RFC 792)
frags=<true|false>
When
true
, this rule applies to fragmented packets for which you set
specific rules.
flags=<syn|ack|fin>
This rule applies to packets for which you set specific flags.
flags=syn
This rule applies to packets for which you set the
syn
flag.
flags=syn|ack|fin
This rule applies to packets for which you set the
syn
,
ack
,
or fin
flag.
mac=de:ad:de:ad:be:ef,state=new|rel,flags=syn
This rule applies to packets that come from the
de:ad:de:ad:be:ef
MAC address, are in a new or relative connection, and for which you
set the
syn
flag.
Parameters Meaning
To Next Page
Loading...