Zhone 2004 ユーザーガイド
A p p l i c a t i o n N o t e s
C-11
state
keeps information about the flow of a communication session. State
can be kept for TCP, UDP, and ICMP packets.
frags
keeps information on fragmented packets, to be applied to later frag-
ments.
Examples
The quick option is good for rules such as
block in quick from any to any with ipopts
which will match any packet with a non-standard header length (IP options
present) and abort further processing of later rules, recording a match and also
that the packet should be blocked.
present) and abort further processing of later rules, recording a match and also
that the packet should be blocked.
The "fall-through" rule parsing allows for effects such as this:
block in from any to any port < 6000
pass in from any to any port >= 6000
block in from any to port > 6003
pass in from any to any port >= 6000
block in from any to port > 6003
which sets up the range 6000-6003 as being permitted and all others being
denied. Note that the effect of the first rule is overridden by subsequent rules.
Another (easier) way to do the same is:
denied. Note that the effect of the first rule is overridden by subsequent rules.
Another (easier) way to do the same is:
block in from any to any port 6000 <> 6003
pass in from any to any port 5999 >< 6004
pass in from any to any port 5999 >< 6004
Note that both the "block" and "pass" are needed here to effect a result as a
failed match on the "block" action
failed match on the "block" action
pass in quick from any to any port < 1024
would be needed before the first block.
Dial Plan
The Call Agent can ask the gateway to collect digits dialed by the user. This
facility is intended to be used with residential gateways to collect the numbers
that a user dials; it can also be used with trunking gateways and access
gateways alike, to collect access codes, credit card numbers and other
numbers requested by call control services.
facility is intended to be used with residential gateways to collect the numbers
that a user dials; it can also be used with trunking gateways and access
gateways alike, to collect access codes, credit card numbers and other
numbers requested by call control services.
One procedure is for the gateway to notify the Call Agent of each individual
dialed digit, as soon as they are dialed. However, such a procedure generates a
large number of interactions. It is preferable to accumulate the dialed numbers
in a buffer, and to transmit them in a single message.
dialed digit, as soon as they are dialed. However, such a procedure generates a
large number of interactions. It is preferable to accumulate the dialed numbers
in a buffer, and to transmit them in a single message.