Security
108
System Management Guide
3HE 11018 AAAC TQZZA Edition: 01
Context config>system>security>cpm-filter>ip-filter>entry>match
config>system>security>cpm-filter>ipv6-filter>entry>match
Description This command configures matching on an ICMP code field in the ICMP header of an IP
packet as an IP filter match criterion.
The ICMP protocol must be configured using the match command before this filter can be
configured.
The no form of the command removes the criterion from the match entry.
Default no icmp-code
Parameters icmp-code — icmp-code-number or icmp-code-keyword
icmp-code-number — the ICMP code number in decimal, hexadecimal, or binary, to be
used as a filter match criterion
Values [0 to 255]D
[0x0 to 0xFF]H
[0b0 to 0b11111111]B
icmp-code-keyword — the ICMP code keyword to be used as a filter match criterion
Values For IPv4 filter: none, network-unreachable, host-unreachable,
protocol-unreachable, port-unreachable, fragmentation-needed,
source-route-failed, dest-network-unknown, dest-host-unknown,
src-host-isolated, network-unreachable-for-tos,
host-unreachable-for-tos
For IPv6 filter: none, no-route-to-destination,
comm-with-dest-admin-prohibited, beyond-scope-src-addr,
address-unreachable, port-unreachable
icmp-type
Syntax icmp-type icmp-type
no icmp-type
Context config>system>security>cpm-filter>ip-filter>entry>match
config>system>security>cpm-filter>ipv6-filter>entry>match
Description This command configures matching on an ICMP type field in the ICMP header of an IP packet
as an IP filter match criterion.
The ICMP protocol must be configured using the match command before this filter can be
configured.
The no form of the command removes the criterion from the match entry.
Default no icmp-type
To Next Page
Loading...
