AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

 

RouterOS v3 Configuration and User Guide

 

 

address-list parameter

add-src-to-address-list - adds the source address of an IP packet to the address list specified by the address-list parameter

dst-nat - replaces the destination address of an IP packet with the values specified by the to-addresses and to-ports parameters

jump - jump to the chain specified by the value of the jump-target parameter

log - each match with this action will add a message to the system log

masquerade - replaces the source address of an IP packet with an IP address determined automatically by the routing facility

netmap - creates a static 1:1 mapping of one set of IP addresses to another one. Often used to distribute public IP addresses to hosts on private networks

passthrough - ignores this rule and goes on to the next one

redirect - replaces the destination address of an IP packet with one of the router's local addresses

return - passes control back to the chain from where the jump took place

same - gives a particular client the same source/destination IP address from the supplied range for each connection. This is most frequently used for services that expect the same client address for multiple connections from the same client

src-nat - replaces the source address of an IP packet with the values specified by the to-addresses and to-ports parameters

address-list (name) - specifies the name of the address list in which to collect IP addresses from rules having action=add-dst-to-address-list or action=add-src-to-address-list. These address lists can later be used for packet matching

address-list-timeout (time; default: 00:00:00) - time interval after which the address will be removed from the address list specified by the address-list parameter. Used in conjunction with the add-dst-to-address-list or add-src-to-address-list actions

00:00:00 - leave the address in the address list forever

chain (dstnat | srcnat | name) - specifies the chain to put a particular rule into. Because different traffic passes through different chains, always be careful to choose the right chain for a new rule. If the input does not match the name of an already defined chain, a new chain will be created

dstnat - a rule placed in this chain is applied before routing. The rules that replace destination addresses of IP packets should be placed there

srcnat - a rule placed in this chain is applied after routing. The rules that replace the source addresses of IP packets should be placed there

comment (text) - a descriptive comment for the rule. A comment can be used to identify rules from scripts

connection-bytes (integer-integer) - matches packets only if a given amount of bytes has already been transferred through the particular connection

0 - means infinity, for example: connection-bytes=2000000-0 means that the rule matches if more than 2MB has been transferred through the relevant connection

connection-limit (integer,netmask) - restricts the number of connections per address or address block (matches if the specified number of connections has already been established)

connection-mark (name) - matches packets marked via the mangle facility with a particular connection mark

connection-type (ftp | gre | h323 | irc | mms | pptp | quake3 | tftp) - matches packets from related connections based on information from their connection tracking helpers. A relevant connection helper must be enabled under /ip firewall service-port

content (text) - the text packets should contain in order to match the rule

dscp (integer: 0..63) - DSCP (ex-ToS) IP header field value

dst-address (IP address/netmask | IP address-IP address) - specifies the address range an IP packet is destined to. Note that the console converts the entered address/netmask value to a valid network address, i.e. 1.1.1.1/24 is converted to 1.1.1.0/24

dst-address-list (name) - matches the destination address of a packet against a user-defined address list

dst-address-type (unicast | local | broadcast | multicast) - matches the destination address type of the IP packet, one of:

unicast - IP addresses used for one point to another point transmission. There is only one sender and one receiver in this case

local - matches addresses assigned to router's interfaces

broadcast - the IP packet is sent from one point to all other points in the IP subnetwork

multicast - this type of IP addressing is responsible for transmission from one or more points to a set of other points
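
As an added example (not part of the original guide and not RouterOS code), the following Python linter checks NAT rule parameters against the semantics described above: chain placement of address-rewriting actions, the 00:00:00 address-list timeout, the dscp range, dst-address normalization and the connection-bytes range. The rule dictionaries, function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Actions the page describes as replacing the destination / source address.
DST_ACTIONS = {"dst-nat", "redirect"}
SRC_ACTIONS = {"src-nat", "masquerade"}
LIST_ACTIONS = {"add-dst-to-address-list", "add-src-to-address-list"}

def parse_connection_bytes(value):
    """'2000000-0' -> (2000000, None); an upper bound of 0 means infinity."""
    low, high = (int(part) for part in value.split("-"))
    return low, (None if high == 0 else high)

def normalize_address(value):
    """Network address the console stores, e.g. 1.1.1.1/24 -> 1.1.1.0/24."""
    return str(ipaddress.ip_network(value, strict=False))

def lint_nat_rule(rule):
    """Check one NAT rule (dict of parameter -> string); return a list of findings."""
    findings = []
    chain, action = rule.get("chain"), rule.get("action")
    if chain == "srcnat" and action in DST_ACTIONS:
        findings.append(f"{action} rewrites the destination; use chain=dstnat")
    if chain == "dstnat" and action in SRC_ACTIONS:
        findings.append(f"{action} rewrites the source; use chain=srcnat")
    if action in LIST_ACTIONS:
        if "address-list" not in rule:
            findings.append(f"{action} needs an address-list name")
        if rule.get("address-list-timeout", "00:00:00") == "00:00:00":
            findings.append("timeout 00:00:00: entries stay in the list forever")
    if "dscp" in rule and not 0 <= int(rule["dscp"]) <= 63:
        findings.append("dscp must be in 0..63")
    if "/" in rule.get("dst-address", ""):  # address-address ranges are left as-is
        stored = normalize_address(rule["dst-address"])
        if stored != rule["dst-address"]:
            findings.append(f"dst-address will be stored as {stored}")
    if "connection-bytes" in rule:
        low, high = parse_connection_bytes(rule["connection-bytes"])
        if high is not None and high < low:
            findings.append("connection-bytes range is empty")
    return findings

# Constructed sample rules (documentation/private address ranges, not from the page).
SAMPLE_RULES = [
    {"chain": "srcnat", "action": "dst-nat", "dst-address": "192.0.2.77/24"},
    {"chain": "dstnat", "action": "add-src-to-address-list",
     "address-list": "seen", "connection-bytes": "2000000-0"},
]

if __name__ == "__main__":
    for sample in SAMPLE_RULES:
        print(sample, "->", lint_nat_rule(sample))
```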
