Cisco Cisco Packet Data Gateway (PDG)
ACS Rulebase Configuration Mode Commands
firewall tcp-reset-message-threshold ▀
Command Line Interface Reference, StarOS Release 17 ▄
715
firewall tcp-reset-message-threshold
This command allows you to configure a threshold on the number of TCP reset messages sent by the subscriber for a
particular data flow. After this threshold is reached, further downlink traffic to the subscriber on the unwanted flow is
blocked.
particular data flow. After this threshold is reached, further downlink traffic to the subscriber on the unwanted flow is
blocked.
Important:
This command is only available in StarOS 8.3 and later releases. In StarOS 8.3, use this command
for Rulebase-based Firewall-and-NAT configuration. In StarOS 9.0 and later releases, for Policy-based Firewall-and-
NAT configuration, this command is available in the Firewall-and-NAT Policy Configuration Mode.
NAT configuration, this command is available in the Firewall-and-NAT Policy Configuration Mode.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Rulebase Configuration
active-charging service service_name > rulebase rulebase_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-rule-base)#
Syntax
firewall tcp-reset-message-threshold messages then-block-server
{ default | no } firewall tcp-reset-message-threshold
default
Configures this command with its default setting.
Default:
Default:
no firewall tcp-reset-message-threshold
no
If previously configured, deletes the firewall tcp-reset-message-threshold configuration from the current
rulebase.
rulebase.
messages
Specifies the threshold on the number of TCP reset messages sent by the subscriber for a particular data flow.
messages
must be an integer from 1 through 100.
Usage
Use this command to configure a threshold on the number of TCP reset messages sent by the subscriber for a
particular data flow. After the threshold is reached, assuming the server is not reacting properly to the reset
messages further downlink traffic to the subscriber on the unwanted flow is blocked. This configuration
enables QCHAT noise suppression for TCP.
particular data flow. After the threshold is reached, assuming the server is not reacting properly to the reset
messages further downlink traffic to the subscriber on the unwanted flow is blocked. This configuration
enables QCHAT noise suppression for TCP.
Example
The following command sets the threshold on the number of TCP reset messages to
10
: