Table of Contents
Advertisement
do
Specifies the action of packets that match the rule after
packets to be matched.
1.
2.
ACTION
Specifies the action for the packets that match the rule.
1.
2.
258
matched to the second and subsequent fragment packets. This parameter
does not identify the source port, destination port, and ICMP type.
not
If
is specified, the rule is not applied to the second and subsequent
fragment packets.
state [not]
FILTER-STATE
Specify the state as the profile for the packets to be matched.
For FILTER-STATE, you can specify multiple states from
related
invalid
, and
not
If
is specified, states other than the one specified for
become the profiles of packets to be matched.
Default value when this parameter is omitted:
None (this parameter cannot be omitted).
Range of values:
do
Default value when this parameter is omitted:
None (this parameter cannot be omitted).
Range of values:
allow
Packets that match the rule are allowed.
deny
Packets that match the rule are denied.
reject reply
{
STD_REPLY_TYPES
Denies the packets that match the rule, and sends an error to the source of the
packets with the message type specified for
{
STD_REPLY_TYPES
For STD_REPLY_TYPES, specify
For ICMP_REPLY_TYPES, specify
icmp-delayed
icmp-host-prohibited
,
icmp-net-unreachable
icmp-port-unreachable
For ICMP6_REPLY_TYPES, specify
icmp6-adm-prohibited
log [
prefix LOG-STRING
[LOG-INFO]
Outputs the packets that match the rule to the log.
.
|
ICMP_REPLY_TYPES
|
ICMP_REPLY_TYPES
port-unreach
icmp-admin-prohibited
icmp-host-unreachable
,
icmp-network-prohibited
,
icmp-protocol-unreachable
, and
icmp6-addr-unreachable
icmp6-port-unreachable
, and
] [
] [
log-amount N
new
established
,
FILTER-STATE
do
as the profile for the
|
ICMP6_REPLY_TYPES
|
ICMP6_REPLY_TYPES
tcp-reset
or
.
,
,
,
.
,
.
]
level LOG-LEVEL
,
}
}
.
Advertisement
Table of Contents
Troubleshooting
