System Management Guide Security
Edition: 01 3HE 11018 AAAC TQZZA 107
config>system>security>cpm-filter>ipv6-filter>entry>match
Description This command specifies the TCP/UDP port to match the destination port of the packet.
The no form of the command removes the destination port match criterion.
The TCP or UDP protocol must be configured using the match command before this filter can
be configured.
Parameters tcp/udp port-number — the destination port number to be used as a match criterion
Values [0 to 65535]D
[0x0 to 0xFF]H
[0b0 to 0b1111111111111111]B
mask — the 16-bit mask to be applied when matching the destination port
Values [0 to 65535]D
[0x0000..0xFFFF]H
[0b0000000000000000 to 0b1111111111111111]B
fragment
Syntax fragment {true | false}
no fragment
Context config>system>security>cpm-filter>ip-filter>entry>match
Description This command configures fragmented or non-fragmented IP packets as an IP filter match
criterion.
The no form of the command removes the match criterion.
This command applies to IPv4 filters only.
Default false
Parameters true — configures a match on all fragmented IP packets. A match will occur for all
packets that have either the MF (more fragment) bit set or have the Fragment Offset
field of the IP header set to a non-zero value.
false — configures a match on all non-fragmented IP packets. Non-fragmented IP
packets are packets that have the MF bit set to zero and have the Fragment Offset
field also set to zero.
icmp-code
Syntax icmp-code icmp-code
no icmp-code
To Next Page
Loading...
