Digi TransPort WR11 User Manual page 783

Configuring security
name is specified then this name can become oos (out of service) and can be tested in other firewall
rules with the oosed keyword.
secs
The length of time, in seconds, for which the routes that are using the specified interface are marked
as out of service.
{t=secs}
Optional. The length of time in seconds the router will wait for a response the packet that matched
the rule.
{c=count}
Optional. The number of times the stateful inspection engine must trigger the rule before the route is
marked as out of service.
{d=count}
Optional. The number of times the stateful inspection engine must trigger the rule before the
interface is deactivated. This parameters applies to PPP interfaces only.
{r="ping"|"tcp"{,secs{,secs}}}
Optional. Specifies a recovery procedure. When a recovery procedure is specified, the link is tested
after the oos timeout has expired. The link is tested by either sending a TCP SYN packet or a ping
packet to the address/port that caused the oos condition. The secs field specifies the retry time when
checking for recovery. Only when the recovery succeeds will the interface be in service again.
Example: using the oos parameter for UDP packets
An example set of firewall rules for UDP packets that uses the oos parameter is:
pass i n
pass out
pass out on ppp 1 pr ot o udp f r om any t o 156. 15. 0. 0/ 16 por t =1234 i nspect - st at e oos
ppp 1 300 t =10 c=2 d=2
In this example:
The first two rules configure the router to allow any type of packets to be transmitted or
n
received. The default action of the firewall is to block all traffic.
Digi TransPort® Routers User Guide
Firewall
783