Table of Contents
Advertisement
IPSec Commands
ipsec policy rule create
Create a rule.
If a value is preceded by a "!", it means "NOT".
Note
E.g. "srcport=!80" means "if srcport is different from 80".
SYNTAX:
policy rule create
where:
chain
index
srcintf
src
dst
tos
precedence
dscp
296
chain = <chain name>
[index = <number>]
[srcintf [!]= <string>]
[src [!]= <ip-range>]
[dst [!]= <ip-range>]
[tos [!]= <number{1-255}>]
[precedence [!]= <number{0-7}>]
[dscp [!]= <number{0-63}>]
[prot [!]= <{<supported IP protocol name>|<number>}]
[srcport [!]= <{<supported TCP/UDP port name>|<number>}>]
[srcportend = <{<supported TCP/UDP port name>|<number>}>]
[dstport [!]= <{<supported TCP/UDP port name>|<number>}>]
[dstportend = <{<supported TCP/UDP port name>|<number>}>]
[clink = <chain name>]
[log = <{no|yes}>]
policy = <Connection Profile Name>
The name of the chain in which the rule must be inserted.
The number of the rule before which the new rule must be added.
The name of the interface the packet should [or should NOT] arrive
on to make this rule apply.
(NOT applicable if used in a chain assigned to the output hook)
The source IP address (range) the packet should [or should NOT]
come from. (Supports cidr notation).
The destination IP address (range) the packet should [or should
NOT] be going to. (Supports cidr notation).
A number between 0 and 255.
Represents the Type Of Service (TOS) specification expected [or
NOT expected] in the IP packet.
A number between 0 and 7.
Represents the precedence in the IP packet (part of tos).
A number between 0 and 63.
Represents the DSCP in the IP packet (part of tos).
REQUIRED
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
E-DOC-CTC-20040216-0002 v1.0
- Quick Links:
- Accessing the Command Line Interface
Hide quick links:
Advertisement
Table of Contents
