Nortel Secure 4134 Configuration page 108

108 Packet filter configuration
Table 40
Variable definitions
Variable
{permit | deny}
{tcp | udp | icmp | ip |
igmp | <0-255>}
<src-address>
<dst-address>
[sport <src-port>] [dport
<dst-port>]
[icmptype <icmp-type>]
[icmpcode <icmp-code
>]
Copyright © 2007, Nortel Networks
.
Value
Specifies the action to perform when a packet
matches the filter rule:
permit: allow the packet to cross the filter
deny: drop the packet
Specifies the name or number of an Internet
protocol. This can be one of the key words (TCP,
UDP, ICMP, IGMP, or IP), or an integer in the range
0 - 255 representing an IP protocol number. To
match any Internet protocol, including ICMP, TCP,
and UDP, use the keyword IP.
Specifies the source host or network address, in
format <A.B.C.D>/<A.B.C.D> or <A.B.C.D>/0-32
Enter any to specify a source address/wildcard of
0.0.0.0/32.
Specifies the destination host or network address,
in format <A.B.C.D>/<A.B.C.D> or <A.B.C.D>/0-32
Enter any to specify a destination address/wildcard
of 0.0.0.0/32.
Optional entry for TCP and UDP protocols; allows
the source or destination port to be filtered.
=p: Specifies port number p, where p is 1- 65535.
!=p: Excludes port p.
>p: Specifies any port number greater than p
>=p: Specifies any port number greater than or
equal to p
<p: Specifies any port number less than p
<=p: Specifies any port number less than or equal
to p
p1-p2: Specifies any port number within the range
p1 - p2
Specifies the ICMP message type to be filtered
(optional, range is 0 - 255).
Specifies the ICMP message code to be filtered, if
specified along with a message type. The range is
0 - 255.
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600 01.02 Standard
10.0 3 August 2007