Руководство По Устранению Ошибки для Cisco Cisco Packet Data Gateway (PDG)
Firewall-and-NAT Policy Configuration Mode Commands
▀ firewall max-ip-packet-size
▄ Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
firewall max-ip-packet-size
This command configures the maximum IP packet size (after IP reassembly) allowed over Stateful Firewall.
Important:
In StarOS 8.0, this configuration is available in the ACS Configuration Mode. In StarOS 8.1, for
Rulebase-based Stateful Firewall configuration, this configuration is available in the ACS Rulebase Configuration
Mode. In StarOS 8.3, this configuration is available in the ACS Rulebase Configuration Mode.
Mode. In StarOS 8.3, this configuration is available in the ACS Rulebase Configuration Mode.
Product
FW
Privilege
Security Administrator, Administrator
Syntax
Configures the default setting.
Default: 65535 bytes (for both ICMP and non-ICMP)
Default: 65535 bytes (for both ICMP and non-ICMP)
Specifies the maximum packet size allowed.
must be an integer from 30000 through 65535.
Specifies the transport protocol:
: Configuration for ICMP protocol.
: Configuration for protocols other than ICMP.
Usage
Use this command to configure the maximum IP packet size allowed for ICMP and non-ICMP packets to
prevent packet flooding attacks to the host. Packets exceeding the configured size will be dropped for ―Jolt‖
and ―Ping-Of-Death‖ attacks.
prevent packet flooding attacks to the host. Packets exceeding the configured size will be dropped for ―Jolt‖
and ―Ping-Of-Death‖ attacks.
Example
The following command allows a maximum packet size of
The following command allows a maximum packet size of
for ICMP protocol: