Digi TransPort WR31 User Manual page 697


Configure security settings
The optional [icmp-code] field can also be a decimal number representing the ICMP code of the
return ICMP packet but if the [icmp-type] is [unreach], then the code can also be one of the
following pre-defined text codes:
ICMP code    Description
net-unr      Network unreachable
host-unr     Host unreachable
proto-unr    Protocol unrecognized
port-unr     Port unreachable
needfrag     Needs fragmentation
srcfail      Source route fail

For example, this rule causes the router to return an ICMP Unreachable packet in response to all
packets received on PPP 0:
block return-icmp unreach in break end on ppp 0

Instead of using the return-icmp option to return an ICMP packet, you can use return-rst to return
a TCP reset packet. This applies only to TCP packets. For example, this rule
returns a TCP reset packet when the firewall receives a TCP packet on the Ethernet interface 0 with
destination address 10.1.2.*:
block return-rst in break end on eth 0 proto tcp from any to 10.1.2.0/24

pass
Allows packets that match the rule to pass through the firewall.

pass-ifup
Allows outbound packets that match the rule to pass through the firewall, but only if the link is
already active.

debug
Causes the router to tag any packets matching the rule for debug. This means that for every
matching rule that is encountered from this point in the script onwards, an entry will be placed
in the pseudo-file FWLOG.TXT.

dscp
Causes any packets matching this rule to have their DSCP value adjusted according to this rule.
The DSCP value of a packet indicates the type of service required. The router uses it in
conjunction with QOS (Quality of Service) functions. A decimal or hexadecimal number must
follow the dscp keyword to indicate the value that should be set.

vdscp
Similar to the dscp action described above, in that it adjusts the DSCP value in a packet. The
difference is that this is a virtual change only: the actual packet is not
changed, but the packet is processed as if it had the indicated DSCP value. Like the dscp
action, a decimal or hexadecimal number must follow.

Digi TransPort WR Routers User Guide
Firewall
692
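The following Python linter is an added example, not code from Digi or from the manual. It checks rule lines against two statements on this page: text icmp-codes are valid only with unreach, and return-rst applies only to TCP. The numeric codes come from RFC 792; the position of the code directly after the icmp-type, the `out` direction keyword, and the last three sample rules are assumptions.

```python
# Added example: lint_rule() and RULES are illustrative names, not Digi code.
# ICMP Destination Unreachable (type 3) code numbers from RFC 792, keyed by
# the text codes the manual lists for [icmp-code].
UNREACH_CODES = {"net-unr": 0, "host-unr": 1, "proto-unr": 2,
                 "port-unr": 3, "needfrag": 4, "srcfail": 5}
DIRECTIONS = {"in", "out"}  # assumed: a direction keyword ends the action


def lint_rule(rule):
    """Return (icmp_code, findings) for one firewall rule line.

    icmp_code is the numeric code the rule names, or None if it names none.
    """
    tok = rule.split()
    icmp_code, findings = None, []
    if "return-rst" in tok:
        # The manual: a TCP reset is only applicable to a TCP packet.
        proto = tok[tok.index("proto") + 1:][:1] if "proto" in tok else []
        if proto != ["tcp"]:
            findings.append("return-rst without 'proto tcp'")
    if "return-icmp" in tok:
        # Assumed layout: return-icmp [icmp-type] [icmp-code] <direction> ...
        args = tok[tok.index("return-icmp") + 1:]
        if len(args) > 1 and not DIRECTIONS & set(args[:2]):
            icmp_type, code = args[0], args[1]
            if code.isdecimal():
                icmp_code = int(code)
                if icmp_code > 255:  # the ICMP code field is one byte
                    findings.append(f"icmp-code {code} exceeds one byte")
            elif icmp_type != "unreach":
                findings.append(f"text code '{code}' requires unreach")
            elif code in UNREACH_CODES:
                icmp_code = UNREACH_CODES[code]
            else:
                findings.append(f"unknown icmp-code '{code}'")
    return icmp_code, findings


RULES = [  # the first two are the manual's examples; the rest are constructed
    "block return-icmp unreach in break end on ppp 0",
    "block return-rst in break end on eth 0 proto tcp from any to 10.1.2.0/24",
    "block return-icmp unreach port-unr in break end on ppp 0",
    "block return-icmp unreach port-unreachable in break end on ppp 0",
    "block return-rst in break end on eth 0 proto udp from any to 10.1.2.0/24",
]

if __name__ == "__main__":
    for r in RULES:
        print(lint_rule(r), "<-", r)
```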
