Nortel 4134 用户指南
Configuring IPv4 packet filters
109
Variable
Value
[igmptype <igmp-type>]
Specifies the IGMP type:
group-query
v1-report
dvmrp
pim
trace
v2-report
v2-leave
mtrace-response
mtrace
v3-report
mra
mrs
mrt or 0-12
group-query
v1-report
dvmrp
pim
trace
v2-report
v2-leave
mtrace-response
mtrace
v3-report
mra
mrs
mrt or 0-12
[precedence
<precedence>]
<precedence>]
Specifies the IP header precedence value to be
filtered. The range is 0 - 7.
filtered. The range is 0 - 7.
[tos <tos>]
Specifies the IP header type of service (TOS) value
to be filtered (for UDP and ICMP protocols).
The range is 0 - 15.
to be filtered (for UDP and ICMP protocols).
The range is 0 - 15.
[dscp <dscp>]
Specifies the IP differentiated services code point
(dscp).
The range is 0 - 63.
(dscp).
The range is 0 - 63.
[flags <tcp-flags>]
Specifies the TCP flags to be filtered. You can
specify multiple TCP flags by separating the
keywords below with commas (no spaces allowed).
This entry may be any of the following words:
established Used to match an established
connection (Cisco-compatible).
fin Matches the TCP FIN header flag.
syn Matches the TCP SYN header flag.
ack Matches the TCP ACK header flag.
psh Matches the TCP PSH header flag.
rst Matches the TCP RST header flag.
urg Matches the TCP URG header flag.
specify multiple TCP flags by separating the
keywords below with commas (no spaces allowed).
This entry may be any of the following words:
established Used to match an established
connection (Cisco-compatible).
fin Matches the TCP FIN header flag.
syn Matches the TCP SYN header flag.
ack Matches the TCP ACK header flag.
psh Matches the TCP PSH header flag.
rst Matches the TCP RST header flag.
urg Matches the TCP URG header flag.
[fragments {on|off}]
Matches non-initial fragmented packets where the
fragment extension header contains a non-zero
fragment offset. The fragments keyword is an option
only if the operator [port-number] arguments are not
specified.
fragment extension header contains a non-zero
fragment offset. The fragments keyword is an option
only if the operator [port-number] arguments are not
specified.
[log {on|off}]
Allows a logging message to be reported to the user
when a rule match occurs.
on: Turns on logging.
off: Turns off logging. (default)
when a rule match occurs.
on: Turns on logging.
off: Turns off logging. (default)
[expire <expiry-time>]
Specifies the rule expiry time in seconds
[no]
Removes the specified packet filter.
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.