Cisco Cisco Packet Data Interworking Function (PDIF) Guide De Dépannage
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
ACS Rulebase Configuration Mode Commands
▀ firewall no-ruledef-matches
▄ Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
Important:
If neither
or
are configured, NAT is performed if the
CLI command is configured with the
option.
: Denies specified packets.
Optionally, a charging action can be specified.
must be the name of a charging action, and must be a string of 1 through 63
characters in length.
Usage
Use this command to configure the default action to be taken on packets with no Firewall ruledef matches.
If, for deny action, the optional charging action is configured, the action taken depends on what is configured
in the charging action. For the firewall rule, the ―flow action‖, ―billing action‖, and ―content ID‖ of the
charging action will be used to take action. If flow exists, flow statistics are updated.
Allowing/dropping of packets is determined in the following sequence:
If, for deny action, the optional charging action is configured, the action taken depends on what is configured
in the charging action. For the firewall rule, the ―flow action‖, ―billing action‖, and ―content ID‖ of the
charging action will be used to take action. If flow exists, flow statistics are updated.
Allowing/dropping of packets is determined in the following sequence:
Check is done to see if the packet matches any pinholes. If yes, no rule matching is done and the packet
is allowed.
Firewall ruledef matching is done. If a rule matches, the packet is allowed or dropped as per the
configuration.
If no firewall ruledef matches, the packet is allowed or dropped as per the
configuration.
For a packet dropped due to firewall ruledef match or no match (first packet of a flow), the charging action
applied is the one configured in the
applied is the one configured in the
or the
command respectively.
In StarOS 8.1, in the case of Policy-based Firewall, the charging action applied is the one configured in the
In StarOS 8.1, in the case of Policy-based Firewall, the charging action applied is the one configured in the
or the
command respectively.
For action on packets dropped due to any error condition after data session is created, the charging action
must be configured in the
must be configured in the
command.
Example
The following command sets Stateful Firewall to permit downlink packets with no ruledef matches:
The following command sets Stateful Firewall to permit downlink packets with no ruledef matches: