Compatible Systems 5.4 Manuale Utente
192
Chapter 11 - TCP/IP Filtering
v Note: RFC 1700 "Assigned Numbers" contains a listing of all currently
assigned IP protocol keywords and numbers.
assigned IP protocol keywords and numbers.
IP Packet Filter Rule Modifiers
These modifiers act to restrict the type of packets which will match a filter
rule.
rule.
•
IP This option specifies that all packets from the source and destination
IP address and mask will match this rule. If no particular IP protocol
packet type (TCP, UDP, ICMP, GRE, AH, ESP or OSPF) is specified,
IP is assumed.
IP address and mask will match this rule. If no particular IP protocol
packet type (TCP, UDP, ICMP, GRE, AH, ESP or OSPF) is specified,
IP is assumed.
The IP protocols, other than IP itself, may be specified as a decimal
number or as a keyword. The supported keywords are followed by their
protocol numbers for your reference.
number or as a keyword. The supported keywords are followed by their
protocol numbers for your reference.
TCP (6)
UDP (17)
ICMP (1)
GRE (47)
AH (51)
OSPF (89)
ESP (50)
•
TCP
or TCP src <expression> <port>
or TCP dst <expression> <port>
or TCP est
or TCP src <expression> <port> est
or TCP dst <expression> <port> est
or TCP src <expression> <port>
or TCP dst <expression> <port>
or TCP est
or TCP src <expression> <port> est
or TCP dst <expression> <port> est
This modifier allows filtering on TCP (Transmission Control Protocol)
packets. A source or destination port may be filtered by including the src
or dst specifiers, followed by a logical expression and a port (as
described in the subsection above).
packets. A source or destination port may be filtered by including the src
or dst specifiers, followed by a logical expression and a port (as
described in the subsection above).
ICMP
TYPES
:
echo-reply (0)
dest-unrch (3)
src-quench (4)
redirect (5)
echo, ping (8)
time-exceed (11)
param-prob (12)
time (13)
time-reply (14)
info (15)
info-reply (16)
mask (17)
mask-reply (18)