Displaying And Debugging Packet Filter - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide
The default number of upper threshold fragment state records is 2000. The default
number of lower threshold fragment state records is 1500.
IV. Applying ACL on the interface
To filter fragments based on layer 3 information or time range, you can configure the
router to perform standard matching. To filter fragments based on port information, you
must configure the router to perform exact matching; otherwise, the port matching rule
does not take effect.
Table 6-6 Apply ACL on the interface
Specify the rule of filtering transmitting
and receiving packets in the interface
Remove the rule of filtering transmitting
and receiving packets in the interface
The standard matching is used by default.

6.2.5 Displaying and Debugging Packet Filter

After the above configuration, execute display command in all views to display the
running of the packet filter configuration, and to verify the effect of the configuration.
Execute debugging command in user view to debug the packet filter.
Table 6-7 Display and debug firewall
Display statistics about firewall of the
interface
Enable
debugging (in user view)
Disable
debugging (in user view)
Operation
Operation
firewall packet
firewall packet
3Com Corporation
Chapter 6 Firewall Configuration
firewall packet-filter
{ inbound
[ match-fragments
exactly } ]
undo firewall packet-filter acl-number
{ inbound | outbound }
display firewall-statistics
interface
fragments-inspect }
debugging firewall { all | eff | icmp |
filtering packet { permitted | denied } | tcp | udp
| fragments-inspect
[ interface type number ]
undo debugging firewall { all | eff |
filtering icmp | packet { permitted | denied } |
tcp | udp | fragments-inspect | others }
[ interface type number ]
6-9
Command
acl-number
| outbound
{ normally
Command
{ all
type number
| others
}
|
|
|
}