9-52 MAX 6000/3000 Network Configuration Guide
Configuring IP Routing
Configuring WAN interfaces
Note: A filter definition cannot contain new lines. The syntax is shown here on multiple lines
for printing purposes only.
Keyword or argument    Description
iptos                  Specifies an IP filter.
dir                    Specifies filter direction. You can specify in (to filter packets coming into the MAX) or out (to filter packets going out of the MAX).
dstip n.n.n.n/nn       If the dstip keyword is followed by a valid IP address, the TOS filter sets bytes only in packets with that destination address. If a subnet mask portion of the address is present, the MAX compares only the masked bits. If the dstip keyword is followed by the zero address (0.0.0.0), or if this keyword and its IP address specification are not present, the filter matches all IP packets.
srcip n.n.n.n/nn       If the srcip keyword is followed by a valid IP address, the TOS filter sets bytes only in packets with that source address. If a subnet mask portion of the address is present, the MAX compares only the masked bits. If the srcip keyword is followed by the zero address (0.0.0.0), or if this keyword and its IP address specification are not present, the filter matches all IP packets.
proto                  Specifies a TCP/IP protocol number. A value of zero matches all protocols. If you specify a nonzero number, the MAX compares it to the Protocol field in packets. For a complete list of protocol numbers, see RFC 1700.
dstport cmp value      If the dstport keyword is followed by a comparison symbol and a port, the MAX compares the specified port to the destination port of a packet. The comparison symbol can be < (less-than), = (equal), > (greater-than), or != (not-equal). The port value can be one of the following names or numbers: ftp-data (20), ftp (21), telnet (23), smtp (25), nameserver (42), domain (53), tftp (69), gopher (70), finger (79), www (80), kerberos (88), hostname (101), nntp (119), ntp (123), exec (512), login (513), cmd (514), or talk (517).
srcport cmp value      If the srcport keyword is followed by a comparison symbol and a port name or number, the MAX compares the specified port to the source port of a packet. The comparison symbol can be < (less-than), = (equal), > (greater-than), or != (not-equal). The port value can be one of the following names or numbers: ftp-data (20), ftp (21), telnet (23), smtp (25), nameserver (42), domain (53), tftp (69), gopher (70), finger (79), www (80), kerberos (88), hostname (101), nntp (119), ntp (123), exec (512), login (513), cmd (514), or talk (517).
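
The matching rules in the table above, modeled as an added example for checking which packets a planned filter would select before it is loaded; this is not MAX code or filter syntax. TosMatch, ip_matches, port_matches, matches, and the sample packets are hypothetical, and the comparison is assumed to read "packet port cmp value".

```python
import ipaddress
import operator
from dataclasses import dataclass
from typing import Optional, Tuple

# Port names and numbers exactly as listed in the table.
PORT_NAMES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "nameserver": 42,
              "domain": 53, "tftp": 69, "gopher": 70, "finger": 79, "www": 80,
              "kerberos": 88, "hostname": 101, "nntp": 119, "ntp": 123,
              "exec": 512, "login": 513, "cmd": 514, "talk": 517}
# Assumption: the packet's port is the left operand of the comparison.
CMP = {"<": operator.lt, "=": operator.eq, ">": operator.gt, "!=": operator.ne}

@dataclass
class TosMatch:  # hypothetical container; field names mirror the keywords
    dstip: Optional[str] = None                # "n.n.n.n/nn", or None when omitted
    srcip: Optional[str] = None
    proto: int = 0                             # zero matches all protocols
    dstport: Optional[Tuple[str, str]] = None  # (cmp, value)
    srcport: Optional[Tuple[str, str]] = None

def ip_matches(spec, addr):
    """Omitted keyword or zero address matches all; otherwise compare masked bits only."""
    if spec is None:
        return True
    iface = ipaddress.ip_interface(spec)       # no /nn is treated as a full-length mask
    if int(iface.ip) == 0:
        return True
    return ipaddress.ip_address(addr) in iface.network

def port_matches(spec, port):
    if spec is None:
        return True
    cmp, value = spec
    wanted = PORT_NAMES[value] if value in PORT_NAMES else int(value)
    return CMP[cmp](port, wanted)

def matches(rule, pkt):
    return (ip_matches(rule.dstip, pkt["dst"]) and ip_matches(rule.srcip, pkt["src"])
            and (rule.proto == 0 or rule.proto == pkt["proto"])
            and port_matches(rule.dstport, pkt["dport"])
            and port_matches(rule.srcport, pkt["sport"]))

# Constructed sample packets (documentation and private address ranges).
TELNET = {"src": "192.0.2.10", "dst": "10.1.2.99", "proto": 6, "sport": 40000, "dport": 23}
WEB = {"src": "192.0.2.10", "dst": "10.1.3.5", "proto": 6, "sport": 40000, "dport": 80}
```

A dstip of 10.1.2.3/24 selects every host in 10.1.2.0/24, not only 10.1.2.3, and a rule with no keywords set selects all IP traffic, so both cases are worth checking against sample packets when reviewing a filter.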