Showing Filter File
Contents
show filter <filter_name>
Generating SYSLOG
Messages for Filtered
Packets
set packet_logging
logging [all
none]
|
packet size [0-493 bytes]
Filter Examples
Source and Destination
Address Filtering
Use this command to view the contents of a filter file that has been added to the
managed list of filters
For example, to view the contents of the filter file no_spam.flt, you would enter
the following:
show filter no_spam.flt
You can also display the contents of a filter file by protocol. To display the contents
of the filter file no_spam.flt for the IP-RIP protocol, you would enter the following:
show filter no_spam.flt protocol IP-RIP
You can save part of a filtered packet to a configured SYSLOG server, allowing you
to track down a potentially malicious user.
The following table describes the parameters:
Parameter
Description
All
Creates SYSLOG messages for all filtered packets
None
No SYSLOG messages generated
0 - 493 bytes
Use a number between 0 and 493 to specify how many bytes of
the discarded packet to send to SYSLOG
This section briefly describes IP packet filtering options, and provides rule examples
for each IP packet filtering capability. This section includes the following topics:
Source and Destination Address Filtering
Masks
TCP and UDP Parameter Filtering
IP RIP Packet Filtering
ICMP Packet Filtering
Source and destination address filtering is generally used to limit permitted access
to trusted hosts and networks only, and to explicitly deny access to hosts and
networks that are not trusted, or to limit external access to a given host (for
example, a Web server or a firewall).
The following filter file rule example would reject forwarding IP packets with a
source address of 192.77.100.32:
#filter
IP:
010 REJECT src-addr = 192.77.100.32;
Filter Examples 27-11