2-122 Command Line Interface Commands Reference

ip filterset fs-tag{in out} [filter] filter-id[enable {yes no}]

[forward {yes no} [ force-route {yes no ] force-route-gateway ip-addr}] [{ call-placement idle-reset } { no-change disabled }]

[source { ip-addr/mask-bits ip-addr mask }]

[destination { ip-addr/mask-bits ip-addr mask }] [ tos { tos_value tos-masktos_mask_value }

[ protocol { 1..65535 any

gre

{{tcp 6 } [{source port-compare}] [{destination port-compare}] [established all] }

{{udp 17 } [{source port-compare}] [{destination port-compare}]}

{{icmp 1 } [{type port-compare}] [{code port-compare}]} } ]

no ip filterset fs-id[{in out} [filter-id]] show ip filterset fs-id[{in out} [filter-id]]

set

A Filter set, as with NAT Server and Rule Lists, is instantiated by creating its first contained object. This first filter can be identified by its ones-based index, 1, or with the special new keyword. Subsequent modifications to this filter, assuming no more filters have been added to the filter set yet, must be done by referring to the filter either by id (1), or by the other special keyword last. Subsequent filters can be added using either new or by the next integer filter id. You can always specify the last filter in the set by using last. It is an error to attempt to create a new filter whose id is not 1 greater than the id of the last filter.

Using new and last allow you to create filter sets without using filter indices.

show

You can show the contents of all filter sets by typing:

show ip filterset

Or you can show the contents of a filter set by typing (for example):

show ip filterset "My Filters"

Or all of the input or output filters of a filter set by adding the {in out} keyword:

show ip filterset "My Filters" in

Or a particular filter by specifying {in out} and the tag:

show ip filterset "My Filters" in 3

Since the command line console is currently constrained to 78 characters per line, the show command breaks each filter up into four separate lines, for example:

show ip filterset "Basic Firewall" in 2

ip filterset "Basic Firewall" in 2 enable yes forward no ip filterset "Basic Firewall" in 2 source 0.0.0.0/0

ip filterset "Basic Firewall" in 2 destination 0.0.0.0/0

Page 133 Page 135
Page 134
Image 134
Netopia CLI 874 manual Set, Show
Page 133 Page 135
Top Page Image Contents