Network Security > Packet Filter > Rule
Network Security
RM GUI HiSecOS EAGLE20/30
Release
3.0
09/2015
147
Parameter Specifies additional parameters for this rule.
Enter parameters in the form
<param>=<val>
. If you enter multiple
parameters, separate them using a comma. If you enter multiple values,
separate them using a vertical bar.
Some parameters are valid when you use a specific protocol. Exception:
the value
mac
is valid independently of the protocol. You also have the
option of entering a combination of valid rules and protocol-specific rules.
Possible values:
none
(default setting)
You have not specified any additional parameters for this rule.
mac=de:ad:de:ad:be:ef
This rule applies to packets with the source MAC address
de:ad:de:ad:be:ef
.
type=<0..255>
This rule applies to packets with a specific ICMP type. Enter exactly
one value (for the meaning of these values see RFC 792)
code=<0..255>
This rule applies to packets with a specific ICMP code. Enter exactly
one value (for the meaning of these values see RFC 792)
frags=<true|false>
When
true
, this rule applies to fragmented packets for which you set
specific rules.
flags=<syn|ack|fin>
This rule applies to packets for which you set specific flags.
flags=syn
This rule applies to packets for which you set the
syn
flag.
flags=syn|ack|fin
This rule applies to packets for which you set the
syn
,
ack
,
or fin
flag.
mac=de:ad:de:ad:be:ef,state=new|rel,flags=syn
This rule applies to packets that come from the
de:ad:de:ad:be:ef
MAC address, are in a new or relative connection, and for which you
set the
syn
flag.
Parameters Meaning
To Next Page
Loading...