Zhone 2004 User Guide

2000-A2-GB22-00
Other ifnames include ppp0, fr0, pppoa0, hdlc0. Please note that when 
creating and deleting PVCs, ifnames can change. Please review the IP 
Filtering rule set after modifying WAN connections to ensure that the 
rule set is still valid.
JetFusion IP Packet Filtering Syntax and Grammar
Each packet is compared to all the rules in the list for the interface and 
direction, with the last matching rule being applied (exception: see “quick” 
command below). Therefore, the most restrictive rules (block) should be 
placed first in the list, with pass rules following. This will allow only certain 
packet types to traverse the IAD.
NOTICE: 
When modifying or deleting PVCs, the interface names can change. 
Verify the interface names match the desired interfaces after modifying 
or deleting PVCs.
The rules are stored on the IAD in the file, filter.st, and can be viewed 
through the user interface. You may edit the filter.st file external to the IAD 
and then download it to the IAD.
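The evaluation order described above (last matching rule applies, except that a matching "quick" rule ends the search) can be checked offline before a rule list is downloaded to the IAD. The following Python sketch is an added example, not part of the original guide or of the IAD's software; it handles only block/pass rules from a subset of the grammar below, and its function names, packet fields and sample rules are hypothetical. It assumes that nummask is written in a.b.c.d/len form, that compare is spelled "=", and it returns None when no rule matches because the guide does not state the default.

```python
import ipaddress

def parse_rule(text):
    """Subset: action in-out [quick] [on ifname] [proto p] (all | from obj to obj)."""
    action, direction, *rest = text.split()
    if action not in ("block", "pass") or direction not in ("in", "out"):
        raise ValueError("unsupported rule: " + text)
    rule = {"action": action, "dir": direction, "quick": False, "on": None,
            "proto": None, "from": (None, None), "to": (None, None)}
    while rest:
        t = rest.pop(0)
        if t == "quick":
            rule["quick"] = True
        elif t in ("on", "proto"):
            rule[t] = rest.pop(0)
        elif t in ("from", "to"):
            addr = rest.pop(0)  # "any" or a.b.c.d[/len] (assumed form of nummask)
            net = None if addr == "any" else ipaddress.ip_network(addr)
            # Only 'port = N' is handled; "=" is an assumed spelling of compare.
            port = int(rest[2]) if rest[:2] == ["port", "="] else None
            del rest[:0 if port is None else 3]
            rule[t] = (net, port)
        elif t != "all":
            raise ValueError("unsupported token %r in: %s" % (t, text))
    return rule

def side_ok(obj, addr, port):
    return ((obj[0] is None or ipaddress.ip_address(addr) in obj[0])
            and obj[1] in (None, port))

def matches(rule, pkt):
    return (rule["dir"] == pkt["dir"] and rule["on"] in (None, pkt["ifname"])
            and rule["proto"] in (None, pkt["proto"])
            and side_ok(rule["from"], pkt["src"], pkt.get("sport"))
            and side_ok(rule["to"], pkt["dst"], pkt.get("dport")))

def verdict(rules, pkt):
    """Last matching rule wins; a matching quick rule ends the search at once."""
    winner = None
    for rule in rules:
        if matches(rule, pkt):
            winner = rule
            if rule["quick"]:
                break
    return winner["action"] if winner else None  # None: no rule matched

RULES = [parse_rule(r) for r in (  # constructed sample rule set
    "block in quick on ppp0 from 203.0.113.0/24 to any",
    "block in on ppp0 all",
    "pass in on ppp0 proto tcp from any to 192.168.1.10 port = 80")]
```

Running the same packet against the rules with the ifname changed shows what a stale interface name does after a PVC change: none of the "on ppp0" rules match any more.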
Grammar
The format used for construction of filtering rules can be described using the 
following grammar in BNF:
filter-rule = action in-out [ options ] [ match ] [ keep ]
action      = "block" | "pass" | "count"
in-out      = "in" | "out"
options     = [ "quick" ] [ "on" interface-name ]
match       = [ tos ] [ ttl ] [ proto ] [ ip ]
keep        = "keep state"
tos         = "tos" decnumber | "tos" hexnumber
ttl         = "ttl" decnumber
proto       = "proto" protocol
ip          = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ]
protocol    = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber
srcdst      = "all" | fromto
fromto      = "from" object "to" object
object      = ["!"] addr [ port-comp | port-range ]
addr        = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ]
port-comp   = "port" compare port-num
port-range  = "port" port-num range port-num
flags       = "flags" flag { flag } [ "/" flag { flag } ]
with        = "with" | "and"
icmp        = "icmp-type" icmp-type [ "code" decnumber ]