2.5.2 ipf set (for 2950 series only)
This command is used to set filter rule for firewall.
ipf set [SET_NO] rule [RULE_NO] [Options] ipf set [Options]
Syntax Description |
|
|
| ||
SET_NO |
| It means to specify the index number (from 1 to 12) of filter set. |
|
| |
RULE_NO |
| It means to specify the index number (from 1 to 7) of filter rule set. |
|
| |
Options |
| There are several options provided here, such as | |||
|
|
| [SET_NO], | ||
|
|
| and |
|
|
| Type |
|
| ||
| It means to setup Call Filter, e.g., |
|
| ||
|
|
| number you can type is “0” to “12” (0 means “disable). |
|
|
| It means to setup Data Filter, e.g., |
|
| ||
|
|
| number you can type is “0” to “12” (0 means “disable). |
|
|
| It means to setup Log Flag, e.g., |
|
| ||
|
|
| Type “0” to disable the log flag. |
|
|
|
|
| Type “1” to display the log of passed packet. |
|
|
|
|
| Type “2” to display the log of blocked packet. |
|
|
|
|
| Type “3” to display the log of |
|
|
- p [VALUE] |
| It means to setup actions for packet not matching any rule. e.g., | |||
|
|
| Type “0” to let all the packets pass; |
|
|
|
|
| Type “1” to block all the packets. |
|
|
|
| It means to setup CSM for packet not matching any rule. Type the |
|
| |
|
|
| index number of CSM profile (0 to 32, 0=None), e.g., |
|
|
| It means to apply IP filter to VPN incoming packets. |
|
| ||
|
|
| Type “0” to disable; type “1” to enable, e.g., |
|
|
| It means to accept large incoming fragmented UDP or ICMP packets. | ||||
|
|
| Type “0” to disable; type “1” to enable, e.g., |
|
|
Example |
|
|
|
| |
|
|
|
| ||
| > ipf set 2 rule 1 |
|
| ||
| Setting saved. |
|
|
| |
| > ipf set 2 rule 1 |
|
| ||
| Filter Set 2 Rule 1: |
|
| ||
| Status | : Enable |
|
| |
| Comments | : xNetBios |
|
| |
|
|
| |||
| Direction |
| : LAN |
|
|
| Source IP |
| : Any |
|
|
| Destination IP | : Any |
|
| |
| Service Type | : TCP/UDP, Port: from 137~139 to 53 |
|
| |
Telnet Command Reference Guide V1.1 | 29 | ||||
