Cisco Cisco Packet Data Gateway (PDG)
ACS Rulebase Configuration Mode Commands
firewall max-ip-packet-size ▀
Command Line Interface Reference, StarOS Release 17 ▄
703
firewall max-ip-packet-size
This command allows you to configure the maximum IP packet size (after IP reassembly) allowed over Stateful
Firewall.
Firewall.
Important:
In StarOS 8.0, this command is available in the ACS Configuration Mode. In StarOS 8.1 and StarOS
8.3, use this command for Rulebase-based Firewall-and-NAT configuration. In StarOS 8.1 and StarOS 9.0 and later
releases, for Policy-based Firewall-and-NAT configuration, this command is available in the Firewall-and-NAT Policy
Configuration Mode.
releases, for Policy-based Firewall-and-NAT configuration, this command is available in the Firewall-and-NAT Policy
Configuration Mode.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Rulebase Configuration
active-charging service service_name > rulebase rulebase_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-rule-base)#
Syntax
firewall max-ip-packet-size packet_size protocol { icmp | non-icmp }
default firewall max-ip-packet-size protocol { icmp | non-icmp }
default
Configures the default maximum IP packet size configuration.
Default: 65535 bytes (for both ICMP and non-ICMP)
Default: 65535 bytes (for both ICMP and non-ICMP)
packet_size
Specifies the maximum packet size.
packet_size
must be an integer from 30000 through 65535.
protocol { icmp | non-icmp }
Specifies the transport protocol:
icmp
: Configuration for ICMP protocol.
non-icmp
: Configuration for protocols other than ICMP.
Usage
Use this command to configure the maximum IP packet size allowed for ICMP and non-ICMP packets to
prevent packet flooding attacks to the host. Packets exceeding the configured size will be dropped for “Jolt
Attack” and “Ping-Of-Death Attack”.
prevent packet flooding attacks to the host. Packets exceeding the configured size will be dropped for “Jolt
Attack” and “Ping-Of-Death Attack”.
Example