Nortel 4134 用户指南
108
Packet filter configuration
Table 40
Variable definitions
Variable definitions
Variable
Value
{permit | deny}
Specifies the action to perform when a packet
matches the filter rule:
permit: allow the packet to cross the filter
deny: drop the packet
matches the filter rule:
permit: allow the packet to cross the filter
deny: drop the packet
{tcp | udp | icmp | ip |
igmp | <0-255>}
igmp | <0-255>}
Specifies the name or number of an Internet
protocol. This can be one of the key words (TCP,
UDP, ICMP, IGMP, or IP), or an integer in the range
0 - 255 representing an IP protocol number. To
match any Internet protocol, including ICMP, TCP,
and UDP, use the keyword IP.
protocol. This can be one of the key words (TCP,
UDP, ICMP, IGMP, or IP), or an integer in the range
0 - 255 representing an IP protocol number. To
match any Internet protocol, including ICMP, TCP,
and UDP, use the keyword IP.
<src-address>
Specifies the source host or network address, in
format <A.B.C.D>/<A.B.C.D> or <A.B.C.D>/0-32
Enter
format <A.B.C.D>/<A.B.C.D> or <A.B.C.D>/0-32
Enter
any
to specify a source address/wildcard of
0.0.0.0/32.
<dst-address>
Specifies the destination host or network address,
in format <A.B.C.D>/<A.B.C.D> or <A.B.C.D>/0-32
Enter
in format <A.B.C.D>/<A.B.C.D> or <A.B.C.D>/0-32
Enter
any
to specify a destination address/wildcard
of 0.0.0.0/32.
[sport <src-port>] [dport
<dst-port>]
<dst-port>]
Optional entry for TCP and UDP protocols; allows
the source or destination port to be filtered.
=p: Specifies port number p, where p is 1- 65535.
!=p: Excludes port p.
>p: Specifies any port number greater than p
>=p: Specifies any port number greater than or
equal to p
<p: Specifies any port number less than p
<=p: Specifies any port number less than or equal
to p
p1-p2: Specifies any port number within the range
p1 - p2
the source or destination port to be filtered.
=p: Specifies port number p, where p is 1- 65535.
!=p: Excludes port p.
>p: Specifies any port number greater than p
>=p: Specifies any port number greater than or
equal to p
<p: Specifies any port number less than p
<=p: Specifies any port number less than or equal
to p
p1-p2: Specifies any port number within the range
p1 - p2
[icmptype <icmp-type>]
Specifies the ICMP message type to be filtered
(optional, range is 0 - 255).
(optional, range is 0 - 255).
[icmpcode <icmp-code
>]
>]
Specifies the ICMP message code to be filtered, if
specified along with a message type. The range is
0 - 255.
specified along with a message type. The range is
0 - 255.
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.