setpacketfilters(8)
System Administration 253
EXTENDED DESCRIPTION
■ When the command is executed, a prompt to confirm execution of the command
  with the specified options is displayed. Enter "y" to execute the command or "n"
  to cancel the command.
■ The IP packet filtering rules are applied in the order in which they are defined.
■ Rules for permitted senders must be defined before filter restrictions. First,
  configure permitted senders; then, configure the setting for dropped packets. If
  specified in reverse order, all IP packets will be dropped.
■ Improper filtering rules can prevent normal network functions for the interface.
■ If both the -i interface and the -s address[/mask] options are omitted, the rule is
  applied to all IP packets received through XSCF-LAN.
■ If the netmask value specified by the -s address[/mask] option does not
  correspond to either of the following, an error results.
    ■ Only the most significant bit is 1
    ■ Repeated 1s starting from the most significant bit
■ A rule which overlaps with an already-defined IP packet filtering rule cannot be
  set.
■ Up to 16 IP packet filtering rules can be set.
■ If a message indicates that the XSCF must be reset, do so using the
  rebootxscf(8) command.
■ Use the showpacketfilters(8) command to display the current IP packet
  filtering rules.
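The ordering and netmask rules above, modeled as an added Python example (not part of the original manual or of the XSCF firmware). First-match evaluation, passing packets that match no rule, and the action name ACCEPT are assumptions; the rule lists are constructed.

```python
import ipaddress

MAX_RULES = 16  # limit stated in the manual

def mask_ok(mask):
    """True if the netmask is a run of 1 bits starting at the most significant bit."""
    m = int(ipaddress.IPv4Address(mask))
    inv = ~m & 0xFFFFFFFF
    # m != 0: at least the most significant bit must be set.
    return m != 0 and (inv & (inv + 1)) == 0

def parse_source(src):
    """Parse the -s form 'addr' or 'addr/mask' into (network, mask); None means any sender."""
    if src is None:
        return None
    addr, _, mask = src.partition("/")
    mask = mask or "255.255.255.255"  # bare address = one host, as echoed in EXAMPLE 1
    if not mask_ok(mask):
        raise ValueError(f"invalid netmask: {mask}")
    m = int(ipaddress.IPv4Address(mask))
    return int(ipaddress.IPv4Address(addr)) & m, m

def verdict(rules, sender):
    """Return the action of the first rule matching sender (assumed first-match)."""
    if len(rules) > MAX_RULES:
        raise ValueError("more than 16 rules")
    ip = int(ipaddress.IPv4Address(sender))
    for src, action in rules:
        net = parse_source(src)
        if net is None or (ip & net[1]) == net[0]:
            return action
    return "ACCEPT"  # assumed default when no rule matches

# Constructed rule lists: (sender, or None for "all packets", action).
# "ACCEPT" is an assumed name for the permit action; DROP is from the page.
PERMIT_FIRST = [("192.168.100.0/255.255.255.0", "ACCEPT"), (None, "DROP")]
DROP_FIRST = [(None, "DROP"), ("192.168.100.0/255.255.255.0", "ACCEPT")]

if __name__ == "__main__":
    for name, rules in (("permit first", PERMIT_FIRST), ("drop first", DROP_FIRST)):
        print(name, verdict(rules, "192.168.100.7"), verdict(rules, "10.10.10.10"))
    print(mask_ok("255.255.255.0"), mask_ok("255.0.255.0"))
```

With the drop-all rule defined first, the permitted network never reaches its own rule, which is the lockout the description warns about.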
-s address[/mask] Specifies the sender of the IP packet. Either an IP address or a
network IP address with a netmask (/mask) added can be
specified.
To specify an IP address or a network IP address, use the
standard form of four integer values delimited by "." (periods).
For example, use xxx.xxx.xxx.xxx, where xxx is an integer from
0-255. Zero suppression can be used to specify the integer.
If the -s option is omitted, the filtering rule is applied to all IP
packets received via the specified network interface.
-y Automatically answers "y" (yes) to all prompts.
EXAMPLES
EXAMPLE 1 Drops the IP packet sent from the IP address 10.10.10.10.
XSCF> setpacketfilters -c add -s 10.10.10.10 -j DROP
-s 10.10.10.10/255.255.255.255 -j DROP